Magic Quotes And $_files
free web hosting
Free Web Hosting > Computers & Tech > Programming > Scripting > PHP

Magic Quotes And $_files

Jared
May 6 2008, 05:56 AM
It recently came upon me that I was designing a website that used file uploads. Of course, PHP was my first choice to solve the problem. I'm pro-PHP and anti-ASP. Perl is somewhere in the middle. But anyway!

I have magic_quotes_runtime and magic_quotes_gpc both on and it seems to be causing some problems with file uploads.

If a user uploads a file called "Jared's Stuff.txt" (that was one of my tests) then magic_quotes insert a backslash before the apostrophe and $_FILES['file']['name'] becomes "'s Stuff.txt" since the backslash is interpreted as part of the path.

Is there any way I can fix this without disabling magic_quotes_gpc?

Thanks,
Jared

Reply

Mordent
May 6 2008, 06:29 AM
I've a feeling you can use stripslashes() somehow, although how you make it act on the file is a little beyond me. I'll have to look in to it to see for myself, as I've never actually tried uploading anything with apostrophes in its name. If no one's looked at this by this evening I'll most likely have a tinker with PHP to see what I can come up with while patiently waiting for someone to look at my support ticket to get my hosting back up. wink.gif

Reply

Jared
May 6 2008, 11:25 AM
I've thought about stripslashes (), but I don't think it's helpful in this case... stripping the slashes out of 's Stuff is still 's Stuff. And before my script is even processed all the $_FILES data is already set. So unfortunately it wouldn't be possible to strip the slashes out before the data is stored in the array. And also there is no set_magic_quotes_gpc () function to get rid of the magic quotes for the $_FILES array.

I am truly clueless.

Reply

TavoxPeru
May 9 2008, 12:57 AM
QUOTE(Jared @ May 6 2008, 06:25 AM) *
I've thought about stripslashes (), but I don't think it's helpful in this case... stripping the slashes out of 's Stuff is still 's Stuff. And before my script is even processed all the $_FILES data is already set. So unfortunately it wouldn't be possible to strip the slashes out before the data is stored in the array. And also there is no set_magic_quotes_gpc () function to get rid of the magic quotes for the $_FILES array.

I am truly clueless.

When i need to handle strings that must be escaped or not, I use a function that first tests if the Magic quotes is on with the get_magic_quotes_gpc() function, if it is true simply returns the string and if it is false it returns the string escaped with the mysql_real_escape_string() function.

CODE
<?php
function safeEscapeString($string)
{
    if (get_magic_quotes_gpc()) {
        return $string;
    }
    else {
        return mysql_real_escape_string($string);
    }
}
?>

This function works perfect if you need to insert or update your database data and as i just discover it does not work with uploaded files, so, to work with files you only need to add the stripslashes() function to the Magic quotes test.

CODE
<?php
function safeEscapeString1($string)
{
    if (get_magic_quotes_gpc()) {
        return stripslashes($string);
    }
    else {
        return mysql_real_escape_string($string);
    }
}
?>

I hope it helps you and BTW I test this code only with Internet Explorer 6 on a server running PHP 5.2.5.

Also the Magic Quotes feature has been removed from PHP 6.0.0:

QUOTE
Warning

This feature has been DEPRECATED and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged.

Best regards,

 

 

 


Reply

Got an Opinion! Express your Views! (no registration):-
Add your Reply/ Opinion/ Views/ Comments/ Suggestion/ Questions/ Queries etc.
Posts with decent grammar & English will be accepted and please refrain from profanities.
For asking a Question, We recommend you to sign-up (for free) so that you can track the topic easily.

Nature of your Post*: Opinion/ Reply/ Comments
Question/Query
Feedback to us.
       
Name   Email
Title/Question*

(Maximum characters: 10,000)
You have characters left.

Recent Queries:-
  1. how to delete files uploaded using $_files - 40.80 hr back. (1)
  2. $_files function using php - 73.17 hr back. (1)
  3. php $_files name quote - 84.08 hr back. (1)
  4. using mysql_real_escape_string to upload $_files - 114.47 hr back. (1)
  5. _files upload to string - 151.61 hr back. (1)
  6. php wget apostrophe - 202.02 hr back. (1)
  7. magic quotes - 229.60 hr back. (1)
  8. wget $_file - 255.54 hr back. (1)
  9. delete directory *_files - 287.82 hr back. (1)
  10. $_files array apostrophe - 320.92 hr back. (1)
  11. single quotes and the $_files - 324.12 hr back. (2)
  12. php file upload and magic quote - 379.10 hr back. (1)
  13. set_magic_quotes_gpc get post - 423.90 hr back. (1)
  14. magic_quotes "$_files" - 468.75 hr back. (1)
Similar Topics

Keywords : magic quotes files

  1. How Do I Create And Write To Files? - creating, writing, deleting files (4)
    Hi, Can someone please tell me how to create files and write to them in PHP. I just want to create
    a simple file containing text, and then be able to read it or update it. Thanks Alfie...
  2. Php : Variables Included Dont Work In Functions - Variables from Included files dont work (4)
    Today, I came up with this strange PHP behaviour. Just wanted to know if anyone has any
    suggestions! I make a common variable/function file called config.php. I put in my generally
    used functions in it. Suppose this is my file // -----VARIABLES --- // $a=10,$b....
    // -----FUCTIONS--- // function doit() { print "A value is " . $a; } ?> Here, suppose we
    execute this file directly. Since A has a global scope, it does work perfectly. But if this same
    file is imported in another file say, mainfile.php // -----VARIABLES --- // $c,$...
  3. How To Protect Included Files - (10)
  4. Reading Files And Folders - (1)
    I am in the process of writing a small content management system for my niche sites and need to be
    able to accomplish the following two items. Any assistance would be appreciated: I have a
    directory that has nothing but sub directories in it and I need to be able to identify each
    directory name and return them in an option drop down selection menu which will be included in an
    identifying URL. ALSO: I am in need of a script that could be included on a returned page
    that will read the content of a table and identify various keywords within the content and pl...
  5. Php File Upload - About uploading files through php (3)
    Right i have done a check for a tutorial on this as well as a question about it but php is not
    allowed in the search box. So i thought i'd just ask what i want to know. I have a form which
    uploads a file, it refreshes the page, uploads the file and then alerts the user to if the file has
    uploaded. To be honest im not sure why i keep getting the error. But here is the code: This is the
    form that is used for the user to select the file &fid= " method="POST"> Choose a file to
    upload: This is the upload code if ($op ==...
  6. Help To Transfer Files Within Hosting Space Using Php - (4)
    I want to transfer files from one folder to another or an entire folder in my web space. I don't
    want to download it and upload it, can I do this using a PHP script. Please help me. I'm just
    learning the basics of PHP...
  7. How To Edit Php Files? - (16)
    Hi, You can use frontpage to preview HTML files, but how can I edit and preview PHP files offline.
    I'm not well-known with PHP and I see more and more using this script to manage their site....
  8. How To Delete Files When Session Ends - (4)
    Dear Friends I need solution to a problem. The problem is as under: I am creating certain files
    (playlist) in server disk when user selects some songs. The files are created in ram format. What I
    want to do is to delete these files created during a particular session. Is it possible to do so?
    Now I am deleting these files using on Unload event fired by JavaScript. I am using PHP. ...
  9. Deleting Files With PHP - is this possible? (6)
    It is posible for PHP to delete files on a server? If so, how is this possible? Just out of
    interest......
  10. Php Interpolation - When to use single/double quotes (7)
    I just thought I'd bring this to the PHP developers, learners, and anyone else who is
    interested. Most people are still not building PHP web applications for performance but rather
    building web applications to get it working, but you must consider all areas in programming,
    especially performance because you want speedy applications too. If you don't know the
    difference between: echo 'Hello, World!'; and echo "Hello, World!"; // as pointed
    out by vujsa then you really need to pay attention to this, it's vital you understand
    interpolation....
  11. Getting Files From Other Sites - Using wget (3)
    Hello. A while ago, a friend showed me this PHP code (wget) which allows you to get files from other
    sites. I was a simple one liner type thing. Since my old host (Nytka) went down, I've lost it,
    as has my friend. Do you know anything about wget, and could tell me it?...



Looking for magic, quotes, files

*RANDOM STUFF*





*SIMILAR VIDEOS*
Searching Video's for magic, quotes, files
Watch the latest videos on YouTube.com
advertisement




Magic Quotes And $_files



 

 

 

 

ADD REPLY / Got an Opinion! a humble request :-) RAPID SEARCH! Free Hosting [X]
Express your Opinions, Thoughts or Contribute your information that might help someone here.
Ask your Doubts & Queries to get answers.. "Together, We enlight each other!" 		Register FREE for AD-FREE forum, Create your own topics, Ask Questions, track topics, setup subscriptions & notifications and Get a Free Website w/ Email and FTP.
500MB Space *No Ads*, CPanel, FTP, PHP, MySQL, EMails - 100% FREE