Third Party Integration Issue: magic_quotes

8 posts by 2 authors in: Forums > CMS Builder
Last Post: June 14, 2010   (RSS)

By theclicklab - June 14, 2010

Hi there,

I have an issue where another developer has an application form which is being wrapped in my CMS Builder template that I have provided.

This application form is relying on magic_quotes_gpc being set to "on" - which it is.

The application form is throwing errors when quotes are included in the form and the only diference between the old one and the new one is that is now wrapped in my template.

I assume that this something to do with CMS builder settings. Does this override the magic_quotes_gpc setting?

Any other ideas on what might be causing this?

Many thanks,
Jan

Re: [aquaman] Third Party Integration Issue: magic_quotes

By theclicklab - June 14, 2010

OK, so I discovered that cmsb turns off magic_quotes by default. Is there a way to override this just for this template by including something like:

<?php ini_set ('magic_quotes_gpc', 1); ?>

I've tried this but it does not seem to work. php version 4.4.8

Thanks!

Re: [aquaman] Third Party Integration Issue: magic_quotes

By Jason - June 14, 2010

Hi Jan,

When you say the form is being wrapped in your CMS Builder template, do you mean that CMS Builder is putting information into the form?

Could you attach the .php file in question as well as a link to the page so I can see what errors are being created?

Thanks.
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Re: [Jason] Third Party Integration Issue: magic_quotes

By theclicklab - June 14, 2010

Hi Jason, here are the files:

Basically I've provided a template to another developer who has put this together - inserting their code into the cmsb template.

I'll send you a private message for the form with data in it so you can see what happens when you include quotes in any of the fields.

template_public.inc.php - this is the cmsb template

In it I have tried to enable magic quotes by including: ini_set ('magic_quotes_gpc', 1);

application_form.inc.php - this is the third party form

Many Thanks
Jan

Re: [aquaman] Third Party Integration Issue: magic_quotes

By Jason - June 14, 2010

Hi,

The issue is a MySQL one. If you put a single quote (') or a double quote (") into a mysql query, it assumes it's the end of a string, and can cause a syntax error.

What you need to do is to "escape" these characters. This means you let MySQL know that you want it to treat those quotes and double quotes as characters instead of the end of a string.

The best way to do this would be to use this function for each value you take in from the form:
mysql_escape($variable)

If you use this where you insert your values into the MySQL string, it should take care of those issues for you.

Give that a try and let me know if you run into any issues.

Thanks.
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/

Re: [Jason] Third Party Integration Issue: magic_quotes

By theclicklab - June 14, 2010

Hi Jason, Thanks for that...

So the problem I'm having is this is another developer's application and they are saying everything was working perfectly fine before integration with cmsb and I don't want to go tinkering with their code.

They are relying on magic_quote being turned on which cmsb overrides and switches off.

So, is there a way to turn magic quote back on just in this template?

If not I will just give them a static page without any cmsb code in it, might be easier that way anyway.

Many thanks
Jan

Re: [aquaman] Third Party Integration Issue: magic_quotes

By Jason - June 14, 2010

Hi,

CMS Builder does disable magic_quotes as it can cause a lot of problems throughout the system. Magic_quotes is highly discouraged by the authors of php.

The easiest fix would be to have them add the code I gave you to their query. If you don't want to use that, they can use the addslashes() function.

If they're not able to do this for you, I can take a look at it and see if I can put it in for you. It should be pretty easy.

Hope this helps.
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com

Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/