PHP magic quotes
Nov 24, 2010
archive
About a year ago, I had problems when sending data to a php page, using AJAX. To
be able to unpack the data, I had to use stripslashes
. Since it seemed to work,
I was happy…until the world exploded.
I then developed a new web site for a company about a month ago, and just noticed
that when posting HTML via AJAX in production, all line feeds turns into u000a
:
This only happened on their production server, not anywhere else. Then, yesterday, it started appeared on one of my production servers as well.
I first didn’t understand what happened, but realized that it must have something to do with the server’s php version or configuration. I had a chat with a friend and came up with the solution.
Magic quotes.
The purpose of magic quotes is to protect web sites from script injections, but
since it didn’t work all that well, the feature is now deprecated. What it does
is wrapping everything in escape slashes, which is why I had to use stripslashes
when sending data with AJAX.
However, when magic quotes are disabled, stripping slashes will instead destroy the escaped line break, which gives the result that can be seen in the image above.
So, I am now disabling magic quotes for all sites, using this .htaccess
line:
php_flag magic_quotes_gpc off
Thanks Mattias Sundberg! It works like a charm!