simple quote bug

[Frost]

You know, I think there might be some confusion as to what should appear onscreen. When you test "test\slash" with magic quotes set to off, you are supposed to see the slash onscreen, as it is an intended slash. So do you see the slash onscreen in this case or not?

[fabz]

Like Frost said, I think you should also change the date build or version, it's important to know if changes were made.

I uploaded the new showproduct.php and it works fine.
I just needed to re-enter the cat description because backslashes were written in the database.

Thank you

[Frost]

Chuck, when you test "test\slash" with magic quotes set to off, do you see the slash onscreen?

[fabz]

Hi,
the problem now exists in emails sent !
I saw it in an email I received to validate an ad, and so I think it happens in all email scripts.
Sorry for this...

[Frost]

fabz, while Chuck has not yet answered my latest question, I believe his answer will be that he doesn't see the slash when testing "test\slash" with magic quotes set to off. For anyone following this thread, here is a synopsis of the escaping issue:

PHP magic quotes is ON and VB3_INTEGRATION is ON

User enters [It's a test\slash]

PP purposely stripslashes -> vB addslashes according to PHP -> PP purposely addslashes

[It's a test\slash] is slashed as [It\\\'s a test\\\\slash] and stored in the table as [It\'s a test\\slash]

PP purpusely stripslashes

[It's a test\slash] is shown onscreen

Conclusion: stored in table incorrectly but shows onscreen correctly

PHP magic quotes is OFF and VB3_INTEGRATION is ON

User enters [It's a test\slash]

PP purposely stripslashes -> vB does not addslashes according to PHP -> PP purposely addslashes

[It's a test\slash] is slashed as [It\'s a test\\slash] and stored in the table as [It's a test\slash]

PP purpusely stripslashes

[It's a testslash] is shown onscreen

Conclusion: stored in table correctly but shows onscreen incorrectly

[Frost]

Ah c'mon Chuck, when you test "test\slash" with magic quotes set to off, do you see the slash onscreen?

[Chuck S]

LOL come on I am now trying to play catch up here on support issues and everything. I have been in 3 different states this weekend on my daughters soccer games.

Thanks for helping answer some questions while I was gone.

In the one scenerio you post above I get the same as you although yes only with vb3 integration set to on.

[Frost]

Yeah, yeah, hence that in my last post! When you get a chance, let me know if you see a slash onscreen when you test "test\slash" with magic quotes set to off.

[Chuck S]

Yes I know hense my LOL that doesnt translate maybe this does

Yes I get the same as you in post 45 is what I was saying.

[Frost]

I guess I'm not big on the 'ole LOL,

Code:

Content visible to verified customers only.

is better.

Code:

Content visible to verified customers only.

Now that you get [It's a test\slash] onscreen when magic quotes is ON and get [It's a testslash] onscreen when magic quotes is OFF (both assuming VB3_INTEGRATION is ON) you can see the problem with escaping.

Magic quotes ON or OFF, you should see that SAME thing onscreen, but that is NOT the case, and that, in short, indicates the problem.

[Chuck S]

yes I do see your point although I don't think anyone has ever done an intentional backslash in a description. Hense it was never seen easy enough to counter.

I don't get all the smilie things. I always laugh as I am generally a pretty jovial guy hense I always use I always forget though for that darn smilie to show you gotta put the semi-colons before and after. My teenage daughter could probally type smilies all day and not miss any as kids nowadays live on computers.

[Frost]

Now that you can see the escaping issue onscreen, I refer you to the following:

http://www.manucorp.com/archives/php...5/msg00098.php
http://lists.evolt.org/archive/Week-...12/120447.html
http://bugs.mysql.com/bug.php?id=6122
http://archives.neohapsis.com/archiv...4-12/0012.html

While, with magic quotes OFF and VB3_INTEGRATION ON, a backslash issue onscreen may occur with minimal chance, the current PP code, with magic quotes ON and VB3_INTEGRATION ON, stores extra slashes in MySQL and, regardless, there is the PHP stripslashes overhead.

It's PP's choice whether or not to correct the escaping issue, not to mention the redundant vB related code.

Basically, PP needs to decide where to draw the line between hand waving and professionalism.

[Chuck S]

Okay well the examples you provided I think instead of going into things to indepth with trying to alter just for VB integration but the proper answer would be to remove all addslashes and stripslashes throughout our program and instead just rewrite the magic setting to add or strip appropriately.

[Frost]

I already posted a suggested fix. It is up to PP to test the fix.

[Chuck S]

Right as I stated your fix might allow us to remove stripslashes for VB integration but thats just a temp fix as I beleive the proper fix to remove it for every integration would be to rewrite our way of grabbing the variables etc.

[Frost]

Sounds like fun.

[Chuck S]

Yes it is I am sure. Just something I noticed looking at your fix which would surely override it for VB

Because Michael choose to do things a different way in his coding by addslashes and stripslashes for queries the long term solution that would work for all integrations would be to initialize the variables differently Globally similar to VB and as your solution does for VB just remove the stripslashes throughout the program and this little glitch would be corrected for all 15 integrations.

[Frost]

Ah, but then you have a problem with people already using the PP scripts b/c their tables may have those cute 'lil extraneous slashes in them. And, oh the poor souls who may have changed their magic quotes settings during the course of running PP scripts. So, it seems there is going to be a need for a clean tables of slashes script too, where the users decide if they want to run it.

[Chuck S]

Yes Yes Yes I know