Why are My AJAX POST Variables Escaped on the Production Server But Not on the Local Server?

Why are $_POST Variables Escaping in PHP?

Problem:

In PHP, the $_POST variables received from AJAX POST requests are escaped on a production server while they remain intact on a local server. The local server runs PHP 5.3.1 on Windows, while the production server runs PHP 5.2.12 on Linux.

Reason:

The discrepancy between the two servers is likely due to the use of magic quotes on the production server.

Magic Quotes:

Magic quotes are a deprecated feature in PHP that automatically escapes certain characters in $_GET, $_POST, and $_COOKIE variables to protect against SQL injection and other attacks. The escaped characters include:

• Single quotes (')
• Double quotes (")
• Backslashes ()
• Null character (NUL)

Solution:

To resolve the issue and ensure consistent behavior across both servers, you can disable magic quotes on the production server. This can be done either globally in php.ini or per-script using set_magic_quotes_runtime().

If disabling magic quotes is not possible, you can manually remove the slashes using the stripslashes() function on any POST data you fetch:

<code class="php">if (get_magic_quotes_gpc()) {
    $my_post_var = stripslashes($_POST["my_post_var"]);
}</code>

By disabling or handling magic quotes appropriately, you can ensure that $_POST variables are not escaped on the production server, allowing the AJAX POST requests to function correctly.

The above is the detailed content of Why are My AJAX POST Variables Escaped on the Production Server But Not on the Local Server?. For more information, please follow other related articles on the PHP Chinese website!