Third Party Integration Issue: magic_quotes

8 posts by 2 authors in: Forums > CMS Builder
Last Post: June 14, 2010   (RSS)

Re: [aquaman] Third Party Integration Issue: magic_quotes

OK, so I discovered that cmsb turns off magic_quotes by default. Is there a way to override this just for this template by including something like:

<?php ini_set ('magic_quotes_gpc', 1); ?>

I've tried this but it does not seem to work. php version 4.4.8

Thanks!

Re: [aquaman] Third Party Integration Issue: magic_quotes

By Jason - June 14, 2010

Hi Jan,

When you say the form is being wrapped in your CMS Builder template, do you mean that CMS Builder is putting information into the form?

Could you attach the .php file in question as well as a link to the page so I can see what errors are being created?

Thanks.
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Re: [Jason] Third Party Integration Issue: magic_quotes

Hi Jason, here are the files:

Basically I've provided a template to another developer who has put this together - inserting their code into the cmsb template.

I'll send you a private message for the form with data in it so you can see what happens when you include quotes in any of the fields.

template_public.inc.php - this is the cmsb template

In it I have tried to enable magic quotes by including: ini_set ('magic_quotes_gpc', 1);

application_form.inc.php - this is the third party form

Many Thanks
Jan

Re: [Jason] Third Party Integration Issue: magic_quotes

Also, no info is being put into the form from cmsb...

Re: [aquaman] Third Party Integration Issue: magic_quotes

By Jason - June 14, 2010

Hi,

The issue is a MySQL one. If you put a single quote (') or a double quote (") into a mysql query, it assumes it's the end of a string, and can cause a syntax error.

What you need to do is to "escape" these characters. This means you let MySQL know that you want it to treat those quotes and double quotes as characters instead of the end of a string.

The best way to do this would be to use this function for each value you take in from the form:
mysql_escape($variable)

If you use this where you insert your values into the MySQL string, it should take care of those issues for you.

Give that a try and let me know if you run into any issues.

Thanks.
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Re: [Jason] Third Party Integration Issue: magic_quotes

Hi Jason, Thanks for that...

So the problem I'm having is this is another developer's application and they are saying everything was working perfectly fine before integration with cmsb and I don't want to go tinkering with their code.

They are relying on magic_quote being turned on which cmsb overrides and switches off.

So, is there a way to turn magic quote back on just in this template?

If not I will just give them a static page without any cmsb code in it, might be easier that way anyway.

Many thanks
Jan

Re: [aquaman] Third Party Integration Issue: magic_quotes

By Jason - June 14, 2010

Hi,

CMS Builder does disable magic_quotes as it can cause a lot of problems throughout the system. Magic_quotes is highly discouraged by the authors of php.

The easiest fix would be to have them add the code I gave you to their query. If you don't want to use that, they can use the addslashes() function.

If they're not able to do this for you, I can take a look at it and see if I can put it in for you. It should be pretty easy.

Hope this helps.
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/