Question

I am using Doctrine ORM for php and Zend MVC. I have a mysql database. When I insert into the database it is escaping quotes. In other-words when I enter

<input name="customer_name" value="Test ed user"> ...

into my form, and assign to a doctrine object and save.

When I look at the database through the mysql command line I get

Test ed user

Is there a way to disable this or do I have to call stripslashes() on each variable?

Answer 1

Check for magic_quotes_gpc being enabled, either by looking at php.ini or running get_magic_quotes_gpc().

If you have access to php.ini, then turn it off. Otherwise you ll need to remove the slashes in your scripts using stripslashes().

Answer 2

You can avoid the magic_quotes_gpc plague altogether by adding something like this to the top of your pages:

if(get_magic_quotes_gpc()) {
    if(!function_exists( stripishlashes_all )) {
        function stripslashes_all(&$data) {
            foreach($data as &$_value) {
                if(is_array($_value)) {
                    stripslashes_all($_value);
                }
                else {
                    $_value = stripslashes($_value);
                }
            }
        }
    }
    stripslashes_all($_REQUEST);
}

Very useful when your code is running on a server you don t have complete control over, or if you plan to distribute it.

友情链接