Why Are My $_POST Variables Escaping on One Server But Not Another?

Why Are $_POST Variables Escaping on One Server But Not Another?

When dealing with AJAX POST requests, it's perplexing to encounter escaping of $_POST variables on one server but not the other. Let's investigate the cause and provide a solution.

The issue arises due to magic quotes, which are enabled on the Linux server but not on the Windows server. Magic quotes automatically escape certain characters in user input, including single and double quotes, backslashes, and nulls.

To resolve this discrepancy, disabling magic quotes is recommended. However, it's important to note that magic quotes will be removed from PHP 6 onwards. In the meantime, you can deactivate them at runtime, although this approach only disables character escaping for sybase (UnixODBC).

For cases where deactivating magic quotes isn't feasible, a workaround is to check whether magic quotes are enabled and apply stripslashes() to POST content:

<code class="php">if (get_magic_quotes_gpc()) {
 $my_post_var = stripslashes($_POST["my_post_var"]);
}</code>

By following these steps, you can ensure that $_POST variables are handled consistently across different servers, regardless of magic quote settings.

The above is the detailed content of Why Are My $_POST Variables Escaping on One Server But Not Another?. For more information, please follow other related articles on the PHP Chinese website!