Escaping not working
Archived from the Xataface Users forum.
ururk — Sun Jan 16, 2011 5:07 pm
For some reason, character escaping is not working as expected.
In any textarea or text input field, if a vertical quote is used, the resulting record has a backslash in front of the single quote, and the remainder of the field is truncated.
Just to be on the safe side (though it was unlikely the issue), I set UTF-8 in my .htaccess file (AddDefaultCharset UTF-8), all my tables are UTF-8, conf.ini has the appropriate lines at the beginning:
- Code: Select all
default_oe=UTF-8 default_ie=UTF-8
Using php 5.2.+, Xataface 1.2.6. This problem was happening with 1.2.4. Thoughts?
ururk — Sun Jan 16, 2011 5:41 pm
It is highly unlikely a character encoding issue, but I wanted to get that possibility out of the way. Additionally, I am able to save accented characters in the database.
shannah — Sun Jan 16, 2011 5:54 pm
Disable magic quotes in php. That is likely the culprit.
ururk — Sun Jan 16, 2011 6:06 pm
They are off:
magic_quotes_gpc Off Off
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
ururk — Sun Jan 16, 2011 6:19 pm
I wonder if WordPress is escaping the content (I’m running Xataface inside of a WP template file).
Edit - looks like it is. Sorry about this! Will post what I find out, though.
ururk — Sun Jan 16, 2011 6:40 pm
I call Xataface in a wordprss template file. I added:
- Code: Select all
$_POST = array_map( 'stripslashes_deep', $_POST ); $_GET = array_map( 'stripslashes_deep', $_GET ); $_COOKIE = array_map( 'stripslashes_deep', $_COOKIE ); $_REQUEST = array_map( 'stripslashes_deep', $_REQUEST );
Right before the dataface call. I found the example here:
http://fearlessflyer.com/2009/08/gettin … orm-input/
Though I don’t recommend adding this to your entire site, just parts that need it. The best reference is here: