+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: Automatic Escaping in CI (/showthread.php?tid=5536)
Automatic Escaping in CI - El Forum - 01-25-2008
[eluser]ebynum[/eluser]
I've tried to simplify the problem down as far as possible.
I have a simple controller with two methods. One displays a form with a single input (text) field and a submit button. The other does print_r($GLOBALS).
I have placed this controller in two different sites running in virtual hosts on the same server.
Neither site has apostrophes escaped in HTTP_POST_VARS.
Site1 has apostrophes escaped in _POST, but Site2 does not.
If I drop the whole thing out of CodeIgniter (but still inside the virtual hosts) and just make a simple 2-page form/submit application, neither HTTP_POST_VARS nor _POST is escaped with either site.
What's going on?
Thanks,
Ed
On a completely unrelated note, I find it quite humorous that the spell-check library doesn't have CodeIgniter.
*** EDITED ***
I've put the following at the top of the CI_Config() function in the CI_Config class ...
if($_POST) {
print_r($_POST); die();
}
and it is already escaped there.
Automatic Escaping in CI - El Forum - 01-25-2008
[eluser]my_immortal[/eluser]
You simply check get_magic_quotes_gpc() on that server.
if it return true that mean all $_POST variable will escape with backslash(\).
but if it return false then you can determine how to deal with your $_POST varibles.
Automatic Escaping in CI - El Forum - 01-25-2008
[eluser]ebynum[/eluser]
get_magic_quotes_gpc() run immediately before the print_r($GLOBALS) returns 0 on both sites.
Automatic Escaping in CI - El Forum - 01-25-2008
[eluser]ebynum[/eluser]
OK - I figured out what was causing the problem. I'll update the thread after I get some more details, but the issue was the following (which was included at the top of the index.php file).
require('./blog/wp-blog-header.php');
So - not CIs fault - but, instead, WordPress's.