Why are My $_POST Variables Escaped on My Production Server But Not My Local Server?

Why Escaping Happens to $_POST Variables in PHP

Question:

Why are $_POST variables being escaped in a PHP script when receiving data from an AJAX POST request? This occurs on a production server running PHP 5.2.12 on Linux, but not on a local server running PHP 5.3.1 on Windows.

Answer:

Magic quotes, specifically magic_quotes_gpc, are likely enabled on the Linux server.

Explanation:

Magic quotes automatically escape certain characters (single and double quotes, backslashes, and null bytes) in data received from external sources, including POST requests. When these quotes are on, you should disable them because they will affect how POST variables get referenced.

Possible Solutions:

• Disable magic quotes in php.ini: If possible, disable magic quotes in the php.ini configuration file.
• Use stripslashes(): Check if magic quotes are enabled with get_magic_quotes_gpc(). If they are, use stripslashes() on any data fetched from POST variables:

<code class="php">if (get_magic_quotes_gpc()) {
    $my_post_var = stripslashes($_POST["my_post_var"]);
}</code>

Note: This solution strips slashes from all POST data, so use it selectively based on your requirements.

The above is the detailed content of Why are My $_POST Variables Escaped on My Production Server But Not My Local Server?. For more information, please follow other related articles on the PHP Chinese website!