Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Need help with backslashes in product descriptions


Guest

Recommended Posts

I have searched the forum several times on my own for the answer to this question, and cannot find it, so I am posting. Each time I insert a product description (really, any sort of text) that uses a ' or " character, OSC is adding a backslash to make the character "literal" and not part of query code. I understand why this is happening, and I am fine with it. However...if I preview a product description, then go back to make another change, OSC adds another backslash. Preview, go back, another backslash! Is there any way to turn this feature off?

 

Thanks in advance!

Shaun

Link to comment
Share on other sites

By "html editor" are you talking about Dreamweaver or something like that? The formatting that I have been using is generally pretty simple font decoration stuff that I add by hand. I was hoping that wrapping the text inside an html tag would help, but OSC must be parsing the description as regular text.

Link to comment
Share on other sites

The only thing I can imagine is that your host has magic_quotes_gpc or magic_quotes_runtime turned on, which is supposed to automatically add the slashes. OSC also calls addslashes(), which adds a second set of slashes. However, OSC should check for whether magic_quotes_gpc is turned on, so maybe something funny is going on.

 

Go to Admin > Tools > Server Info and search for these three entries:

 

magic_quotes_gpc

magic_quotes_runtime

magic_quotes_sybase

 

Do they say Off or On?

Contributions

 

Discount Coupon Codes

Donations

Link to comment
Share on other sites

magic_quotes_gpc - on

magic_quotes_runtime - off

magic_quotes_sybase - off

 

I'm not sure if I could, or would even want this feature turned off, though. Could I work around it if I upload descriptions straight to the database?

Link to comment
Share on other sites

You don't necessarily need to have it on or off. The code is supposed to be checking for this, and for some reason, something's not going right. In admin/includes/functions/compatibility.php around line 13, you should see the following:

 

////
// Recursively handle magic_quotes_gpc turned off.
// This is due to the possibility of have an array in
// $HTTP_xxx_VARS
// Ie, products attributes
 function do_magic_quotes_gpc(&$ar) {
if (!is_array($ar)) return false;

while (list($key, $value) = each($ar)) {
  if (is_array($value)) {
	do_magic_quotes_gpc($value);
  } else {
	$ar[$key] = addslashes($value);
  }
}
 }

// $HTTP_xxx_VARS are always set on php4
 if (!is_array($HTTP_GET_VARS)) $HTTP_GET_VARS = array();
 if (!is_array($HTTP_POST_VARS)) $HTTP_POST_VARS = array();
 if (!is_array($HTTP_COOKIE_VARS)) $HTTP_COOKIE_VARS = array();

// handle magic_quotes_gpc turned off.
 if (!get_magic_quotes_gpc()) {
do_magic_quotes_gpc($HTTP_GET_VARS);
do_magic_quotes_gpc($HTTP_POST_VARS);
do_magic_quotes_gpc($HTTP_COOKIE_VARS);
 }

 

Your code should look like that. If it does, try commenting out the last block:

 

// handle magic_quotes_gpc turned off.
 /*if (!get_magic_quotes_gpc()) {
do_magic_quotes_gpc($HTTP_GET_VARS);
do_magic_quotes_gpc($HTTP_POST_VARS);
do_magic_quotes_gpc($HTTP_COOKIE_VARS);
 }*/

Contributions

 

Discount Coupon Codes

Donations

Link to comment
Share on other sites

kgt:

I changed the code, and no dice. In doing so, I realized that it is adding "\" at an exponential rate, not just adding 1 character each time.

 

I hate the thought add any extra work to myself(I'm dealing with over 7000 records), but I guess that I could use the special character code for my single and double quotes.

Link to comment
Share on other sites

kgt:

I changed the code, and no dice. In doing so, I realized that it is adding "\" at an exponential rate, not just adding 1 character each time.

 

Yes, this is what happens when magic_quotes_gpc is on and addslashes is still being called. This is not a pretty thing to deal with, and as you've seen, it will get worse and worse.

 

I hate the thought add any extra work to myself(I'm dealing with over 7000 records), but I guess that I could use the special character code for my single and double quotes.

 

If you don't fix it, the slashes will find a way to still creep into your data. It's like Murphy's Law. The best option is to fix it, and then clean the data in the database. If you try to work around it, especially with 7000 products, you'll invariably miss something. It can be done, but it can take some sluething to find the culprit.

 

Using the HTML special characters will solve this problem, but they won't display correctly in plain text, such as in plain text emails. It's much easier to keep data clean than it is to go back and clean it up.

Contributions

 

Discount Coupon Codes

Donations

Link to comment
Share on other sites

you could also check your categories.php when the variables are re-posted. The code should be:

 

// Re-Post all POST'ed variables
  reset($HTTP_POST_VARS);
  while (list($key, $value) = each($HTTP_POST_VARS)) {
	if (!is_array($HTTP_POST_VARS[$key])) {
	  echo tep_draw_hidden_field($key, htmlspecialchars(stripslashes($value)));
	}
  }

 

each parameter should be passed through the stripslashes function

Link to comment
Share on other sites

you could also check your categories.php when the variables are re-posted. The code should be:

 

// Re-Post all POST'ed variables
  reset($HTTP_POST_VARS);
  while (list($key, $value) = each($HTTP_POST_VARS)) {
	if (!is_array($HTTP_POST_VARS[$key])) {
	  echo tep_draw_hidden_field($key, htmlspecialchars(stripslashes($value)));
	}
  }

 

each parameter should be passed through the stripslashes function

 

I was good until here. Are you talking about the /includes/boxes/categories.php? I Don't see any code like the above in this file.

Link to comment
Share on other sites

When you edit products, you're using the admin/categories.php file. enigma is saying check that all input and output goes through the proper addslashes and stripslashes functions in that file. You actually want to make sure addslashes is called as well if you use stripslashes. Imagine you have a product like so:

 

Dog\Cat

 

Calling stripslashes on this will remove your intentional backslash. All around, it's a very messy situation. I'd suggest though, instead of addslashes and stripslashes, you use the tep_ functions:

 

tep_db_input($string) //addslashes

tep_db_prepare_input($string) //stripslashes

 

This way, if you want to change how addslashes and stripslashes work, you only need to change the tep_ functions, and not search through all your code to find the addslashes and stripslashes calls.

Contributions

 

Discount Coupon Codes

Donations

Link to comment
Share on other sites

kgt:

Did I mention that I am PHP challenged? Found this line of code:

 

/* Re-Post all POST'ed variables */
  reset($HTTP_POST_VARS);
  while (list($key, $value) = each($HTTP_POST_VARS)) {
	if (!is_array($HTTP_POST_VARS[$key])) {
	  echo tep_draw_hidden_field($key, htmlspecialchars(stripslashes($value)));
	}
  }

 

But what does that code do? And where would, I add:

tep_db_input($string) //addslashes

tep_db_prepare_input($string) //stripslashes

to this file?

 

Thanks!

Link to comment
Share on other sites

  • 4 weeks later...

In regards to the below information. I have installed the Product Extra Fields Contribution, however, when I add the fix for the backslashes, I STILL get the backslashes. Can anyone help me?

 

Here is the code I have in my admin/categories.php file:

 

// START: Extra Fields Contribution
  if ($HTTP_POST_VARS['extra_field']) { // Check to see if there are any need to update extra fields.
	foreach ($HTTP_POST_VARS['extra_field'] as $key=>$val) {
	  echo tep_draw_hidden_field('extra_field['.$key.']', stripslashes($val));
	}
  } // Check to see if there are any need to update extra fields.
  // END: Extra Fields Contribution

  echo tep_draw_hidden_field('products_image', stripslashes($products_image_name));

 

Thanks,

 

Irish

 

When you edit products, you're using the admin/categories.php file. enigma is saying check that all input and output goes through the proper addslashes and stripslashes functions in that file. You actually want to make sure addslashes is called as well if you use stripslashes. Imagine you have a product like so:

 

Dog\Cat

 

Calling stripslashes on this will remove your intentional backslash. All around, it's a very messy situation. I'd suggest though, instead of addslashes and stripslashes, you use the tep_ functions:

 

tep_db_input($string) //addslashes

tep_db_prepare_input($string) //stripslashes

 

This way, if you want to change how addslashes and stripslashes work, you only need to change the tep_ functions, and not search through all your code to find the addslashes and stripslashes calls.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...