[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] Need Help - phpMyadmin and Magic quotes

Subject: RE: [cobalt-users] Need Help - phpMyadmin and Magic quotes
From: "Clark E. Morgan" <prlhkr@xxxxxxxxxxxxx>
Date: Wed Mar 28 20:55:00 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> The following is in the error log:
> .htaccess: php_value not allowed here

Magic Quotes, I hate them. I run phpMyAdmin without them, as well
as a few other items of this type that say they are necessary for
proper functions. Magic Quotes doesn't do anything a few escape
characters in your queries can't do. I just don't trust php's
decision making in this regard; but if you are determined...

First, you still need magic_quotes compiled in. This is the default
on 4.* but needs an explicit option at configure time in php3. If you
are running the .pkg for php3, magic quotes are in there.

Second, all config options for php3 should be prefaced php3_ rather
than php_

Third, magic quotes is, I THINK, a flag rather than a name/value pair. 
So for php3 the correct line is

php3_flag magic_quotes_gpc on

and for php4

php_flag magic_quotes_gpc on

might still have to replace flag with value in those; but it can't hurt to
try it both ways, worst that can happen is apache will tell you to sod off.

Finally, php has to be compiled as an apache module for this to work
in .htaccess, otherwise, you are stuck with the global php3.ini or
php.ini

Note that the .htaccess files are a better place for these than httpd.conf
so that you can control the params by directory. You should let php*.ini
control any global settings. If for some reason you feel you must put these
items in httpd.conf, they need to go after php is loaded as a module so
that apache will have the information necessary to make some sense of them.

If magic quotes is not compiled in and you are not up for a recompile,
you can write your own quick function quite easily to do the same thing,
then, better even than controlling the application of this or any other
*feature* to a directory, you can control it by the script or even a
query within a script.

Something like

function fixQuotes($str) {
	ereg_replace("\\", "\\\\", $str);
	ereg_replace("\'", "\\'", $str);
	ereg_replace("\"", "\\"", $str);
}

Clark E. Morgan

References:
- [cobalt-users] Need Help - phpMyadmin and Magic quotes
  - From: tob

Prev by Date: RE: [cobalt-users] Hidden backdoor in GUI to put wildcards in DNS!
Next by Date: Re:[cobalt-users] FAT pipes. 404 errors, list cops and then some
Previous by thread: Re: [cobalt-users] Need Help - phpMyadmin and Magic quotes
Next by thread: RE: [cobalt-users] SSH Confusion..._

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index