Guest Posted October 19, 2005 Share Posted October 19, 2005 I have searched the forum several times on my own for the answer to this question, and cannot find it, so I am posting. Each time I insert a product description (really, any sort of text) that uses a ' or " character, OSC is adding a backslash to make the character "literal" and not part of query code. I understand why this is happening, and I am fine with it. However...if I preview a product description, then go back to make another change, OSC adds another backslash. Preview, go back, another backslash! Is there any way to turn this feature off? Thanks in advance! Shaun Link to comment Share on other sites More sharing options...
Guest Posted October 19, 2005 Share Posted October 19, 2005 I don't see it here, do you have an html editor integrated with the osc when you edit the various descriptions? Link to comment Share on other sites More sharing options...
Guest Posted October 20, 2005 Share Posted October 20, 2005 By "html editor" are you talking about Dreamweaver or something like that? The formatting that I have been using is generally pretty simple font decoration stuff that I add by hand. I was hoping that wrapping the text inside an html tag would help, but OSC must be parsing the description as regular text. Link to comment Share on other sites More sharing options...
kgt Posted October 20, 2005 Share Posted October 20, 2005 The only thing I can imagine is that your host has magic_quotes_gpc or magic_quotes_runtime turned on, which is supposed to automatically add the slashes. OSC also calls addslashes(), which adds a second set of slashes. However, OSC should check for whether magic_quotes_gpc is turned on, so maybe something funny is going on. Go to Admin > Tools > Server Info and search for these three entries: magic_quotes_gpc magic_quotes_runtime magic_quotes_sybase Do they say Off or On? Contributions Discount Coupon Codes Donations Link to comment Share on other sites More sharing options...
Guest Posted October 20, 2005 Share Posted October 20, 2005 magic_quotes_gpc - on magic_quotes_runtime - off magic_quotes_sybase - off I'm not sure if I could, or would even want this feature turned off, though. Could I work around it if I upload descriptions straight to the database? Link to comment Share on other sites More sharing options...
kgt Posted October 20, 2005 Share Posted October 20, 2005 You don't necessarily need to have it on or off. The code is supposed to be checking for this, and for some reason, something's not going right. In admin/includes/functions/compatibility.php around line 13, you should see the following: //// // Recursively handle magic_quotes_gpc turned off. // This is due to the possibility of have an array in // $HTTP_xxx_VARS // Ie, products attributes function do_magic_quotes_gpc(&$ar) { if (!is_array($ar)) return false; while (list($key, $value) = each($ar)) { if (is_array($value)) { do_magic_quotes_gpc($value); } else { $ar[$key] = addslashes($value); } } } // $HTTP_xxx_VARS are always set on php4 if (!is_array($HTTP_GET_VARS)) $HTTP_GET_VARS = array(); if (!is_array($HTTP_POST_VARS)) $HTTP_POST_VARS = array(); if (!is_array($HTTP_COOKIE_VARS)) $HTTP_COOKIE_VARS = array(); // handle magic_quotes_gpc turned off. if (!get_magic_quotes_gpc()) { do_magic_quotes_gpc($HTTP_GET_VARS); do_magic_quotes_gpc($HTTP_POST_VARS); do_magic_quotes_gpc($HTTP_COOKIE_VARS); } Your code should look like that. If it does, try commenting out the last block: // handle magic_quotes_gpc turned off. /*if (!get_magic_quotes_gpc()) { do_magic_quotes_gpc($HTTP_GET_VARS); do_magic_quotes_gpc($HTTP_POST_VARS); do_magic_quotes_gpc($HTTP_COOKIE_VARS); }*/ Contributions Discount Coupon Codes Donations Link to comment Share on other sites More sharing options...
keltic Posted October 20, 2005 Share Posted October 20, 2005 This seems to be a "FEATURE" of the program, editting, previewing and clicking on the back button causes this. If you update your product first and then go back in and re-edit it won't happen. Link to comment Share on other sites More sharing options...
Guest Posted October 20, 2005 Share Posted October 20, 2005 kgt: I changed the code, and no dice. In doing so, I realized that it is adding "\" at an exponential rate, not just adding 1 character each time. I hate the thought add any extra work to myself(I'm dealing with over 7000 records), but I guess that I could use the special character code for my single and double quotes. Link to comment Share on other sites More sharing options...
kgt Posted October 20, 2005 Share Posted October 20, 2005 kgt:I changed the code, and no dice. In doing so, I realized that it is adding "\" at an exponential rate, not just adding 1 character each time. Yes, this is what happens when magic_quotes_gpc is on and addslashes is still being called. This is not a pretty thing to deal with, and as you've seen, it will get worse and worse. I hate the thought add any extra work to myself(I'm dealing with over 7000 records), but I guess that I could use the special character code for my single and double quotes. If you don't fix it, the slashes will find a way to still creep into your data. It's like Murphy's Law. The best option is to fix it, and then clean the data in the database. If you try to work around it, especially with 7000 products, you'll invariably miss something. It can be done, but it can take some sluething to find the culprit. Using the HTML special characters will solve this problem, but they won't display correctly in plain text, such as in plain text emails. It's much easier to keep data clean than it is to go back and clean it up. Contributions Discount Coupon Codes Donations Link to comment Share on other sites More sharing options...
Guest Posted October 20, 2005 Share Posted October 20, 2005 you could also check your categories.php when the variables are re-posted. The code should be: // Re-Post all POST'ed variables reset($HTTP_POST_VARS); while (list($key, $value) = each($HTTP_POST_VARS)) { if (!is_array($HTTP_POST_VARS[$key])) { echo tep_draw_hidden_field($key, htmlspecialchars(stripslashes($value))); } } each parameter should be passed through the stripslashes function Link to comment Share on other sites More sharing options...
Guest Posted October 20, 2005 Share Posted October 20, 2005 you could also check your categories.php when the variables are re-posted. The code should be: // Re-Post all POST'ed variables reset($HTTP_POST_VARS); while (list($key, $value) = each($HTTP_POST_VARS)) { if (!is_array($HTTP_POST_VARS[$key])) { echo tep_draw_hidden_field($key, htmlspecialchars(stripslashes($value))); } } each parameter should be passed through the stripslashes function I was good until here. Are you talking about the /includes/boxes/categories.php? I Don't see any code like the above in this file. Link to comment Share on other sites More sharing options...
kgt Posted October 20, 2005 Share Posted October 20, 2005 When you edit products, you're using the admin/categories.php file. enigma is saying check that all input and output goes through the proper addslashes and stripslashes functions in that file. You actually want to make sure addslashes is called as well if you use stripslashes. Imagine you have a product like so: Dog\Cat Calling stripslashes on this will remove your intentional backslash. All around, it's a very messy situation. I'd suggest though, instead of addslashes and stripslashes, you use the tep_ functions: tep_db_input($string) //addslashes tep_db_prepare_input($string) //stripslashes This way, if you want to change how addslashes and stripslashes work, you only need to change the tep_ functions, and not search through all your code to find the addslashes and stripslashes calls. Contributions Discount Coupon Codes Donations Link to comment Share on other sites More sharing options...
Guest Posted October 21, 2005 Share Posted October 21, 2005 kgt: Did I mention that I am PHP challenged? Found this line of code: /* Re-Post all POST'ed variables */ reset($HTTP_POST_VARS); while (list($key, $value) = each($HTTP_POST_VARS)) { if (!is_array($HTTP_POST_VARS[$key])) { echo tep_draw_hidden_field($key, htmlspecialchars(stripslashes($value))); } } But what does that code do? And where would, I add: tep_db_input($string) //addslashes tep_db_prepare_input($string) //stripslashes to this file? Thanks! Link to comment Share on other sites More sharing options...
irishcavan Posted November 16, 2005 Share Posted November 16, 2005 In regards to the below information. I have installed the Product Extra Fields Contribution, however, when I add the fix for the backslashes, I STILL get the backslashes. Can anyone help me? Here is the code I have in my admin/categories.php file: // START: Extra Fields Contribution if ($HTTP_POST_VARS['extra_field']) { // Check to see if there are any need to update extra fields. foreach ($HTTP_POST_VARS['extra_field'] as $key=>$val) { echo tep_draw_hidden_field('extra_field['.$key.']', stripslashes($val)); } } // Check to see if there are any need to update extra fields. // END: Extra Fields Contribution echo tep_draw_hidden_field('products_image', stripslashes($products_image_name)); Thanks, Irish When you edit products, you're using the admin/categories.php file. enigma is saying check that all input and output goes through the proper addslashes and stripslashes functions in that file. You actually want to make sure addslashes is called as well if you use stripslashes. Imagine you have a product like so: Dog\Cat Calling stripslashes on this will remove your intentional backslash. All around, it's a very messy situation. I'd suggest though, instead of addslashes and stripslashes, you use the tep_ functions: tep_db_input($string) //addslashes tep_db_prepare_input($string) //stripslashes This way, if you want to change how addslashes and stripslashes work, you only need to change the tep_ functions, and not search through all your code to find the addslashes and stripslashes calls. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.