  1. #1
    Regular Coder
    Join Date
    Dec 2011
    Posts
    201
    Thanks
    12
    Thanked 26 Times in 26 Posts

    Magic quotes | Joomla install | PHP disable

    Hey everyone, I am trying to disable magic quotes...

    before I do though can we talk about what it means.

    I found this http://www.php.net/manual/en/securit...uotes.what.php

    but layman's terms would be cool for a front end guy. Also from there which disable choice should I choose? http://www.php.net/manual/en/securit....disabling.php

    The reason I am here is to start this Joomla install.



    thanks
    Last edited by SeattleMicah; 01-26-2012 at 07:09 AM.

  • #2
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,647
    Thanks
    2
    Thanked 406 Times in 398 Posts
    Quote Originally Posted by SeattleMicah View Post
    Hey everyone, I am trying to disable magic quotes...

    before I do though can we talk about what it means.

    I found this http://www.php.net/manual/en/securit...uotes.what.php

    but layman's terms would be cool for a front end guy. Also from there which disable choice should I choose?

    The manual page you linked is pretty layman in the description. Just to expand on that some more, any GPC (GET, POST, COOKIE) data will get escaped automatically when magic_quotes_gpc is on. This is to prevent poor code from allowing SQL injection, and a few other issues. For example, if you don't escape user input:
    PHP Code:
    // Vulnerable on purpose: user input is concatenated into the query unescaped
    mysql_query('INSERT INTO `users` (`id`, `username`) VALUES(NULL, \'' . $_POST['username'] . '\')');
    Someone could post a username like "user'); DROP TABLE `users`;--" and wipe out your table. Magic Quotes was intended to prevent such issues, but it causes issues with code that escapes data properly because the data gets escaped twice. So, it's recommended to disable it and not depend on it, because it's deprecated and will be removed in upcoming PHP releases. As to which option you should use to disable it: go for Example 1 if possible. Either of the options for Example 1 will disable it at the server level, and that is ideal. Example 2 doesn't disable it; it simply undoes the escaping, and that won't change the Joomla flag to off. Joomla might do something similar to Example 2 automatically, but I can't confirm that.
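An added example, not part of the thread or of Joomla's code: it shows the double-escaping side effect described above and a parameterized insert that needs no magic quotes. It assumes a PHP build with the pdo_sqlite extension; the function names, the table layout and the sample inputs are constructed, and `addslashes()` stands in for `magic_quotes_gpc`, which was removed in PHP 5.4.

```php
<?php
// Added illustration; helper names, table layout and inputs are constructed.

// magic_quotes_gpc applied addslashes() to every GET/POST/COOKIE value.
function simulate_magic_quotes(string $value): string
{
    return addslashes($value);
}

// The manual's runtime workaround (Example 2) reverses that with stripslashes().
function undo_magic_quotes(string $value): string
{
    return stripslashes($value);
}

// Parameterized insert: the value is sent separately from the SQL text,
// so quote characters in it are stored as data and never parsed as SQL.
function insert_user(PDO $db, string $username): void
{
    $stmt = $db->prepare('INSERT INTO users (username) VALUES (:username)');
    $stmt->execute([':username' => $username]);
}

function stored_usernames(PDO $db): array
{
    return $db->query('SELECT username FROM users ORDER BY id')
              ->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');   // throwaway in-memory database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');

$raw    = "O'Brien";                    // constructed form input
$quoted = simulate_magic_quotes($raw);  // what the script received with magic quotes on

// Magic quotes on, code already safe: the extra backslash ends up in the stored name.
insert_user($db, $quoted);

// Escaping undone first (or magic quotes off): the original value is stored.
insert_user($db, undo_magic_quotes($quoted));

// The username from the post above is stored as an ordinary string.
insert_user($db, "user'); DROP TABLE `users`;--");

print_r(stored_usernames($db));
```

Run it with the PHP command-line interpreter and compare the first two stored rows to see why already-safe code breaks when magic quotes is left on.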

  • #3
    Regular Coder
    Join Date
    Dec 2011
    Posts
    201
    Thanks
    12
    Thanked 26 Times in 26 Posts
    Thank you for the info. I don't 100% understand what you're saying, but I'm diving in head first to the server side stuff so just trying to cover my bases.

    Scripting attacks like that will have to be learned the hard way, fortunately it's just for my practice.

