CodeIgniter Forums
Automatic Escaping in CI - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forum-23.html)
+--- Thread: Automatic Escaping in CI (/thread-5536.html)



Automatic Escaping in CI - El Forum - 01-25-2008

[eluser]ebynum[/eluser]
I've tried to simplify the problem down as far as possible.

I have a simple controller with two methods. One displays a form with a single input (text) field and a submit button. The other does print_r($GLOBALS).

I have placed this controller in two different sites running in virtual hosts on the same server.

Neither site has apostrophes escaped in HTTP_POST_VARS.

Site1 has apostrophes escaped in _POST, but Site2 does not.

If I drop the whole thing out of CodeIgniter (but still inside the virtual hosts) and just make a simple 2-page form/submit application, neither HTTP_POST_VARS nor _POST is escaped with either site.

What's going on?

Thanks,
Ed


On a completely unrelated note, I find it quite humorous that the spell-check library doesn't have CodeIgniter.

*** EDITED ***
I've put the following at the top of the CI_Config() function in the CI_Config class ...

if($_POST) {
print_r($_POST); die();
}

and it is already escaped there.


Automatic Escaping in CI - El Forum - 01-25-2008

[eluser]my_immortal[/eluser]
You simply check get_magic_quotes_gpc() on that server.
if it return true that mean all $_POST variable will escape with backslash(\).
but if it return false then you can determine how to deal with your $_POST varibles.


Automatic Escaping in CI - El Forum - 01-25-2008

[eluser]ebynum[/eluser]
get_magic_quotes_gpc() run immediately before the print_r($GLOBALS) returns 0 on both sites.


Automatic Escaping in CI - El Forum - 01-25-2008

[eluser]ebynum[/eluser]
OK - I figured out what was causing the problem. I'll update the thread after I get some more details, but the issue was the following (which was included at the top of the index.php file).

require('./blog/wp-blog-header.php');

So - not CIs fault - but, instead, WordPress's.