Having a problem with single quote/apostophes in some php I am writing to parse smilies.
The single quote is the bane of my life, but here goes.
First here’s some of the code…
First my array which holds the smiley and the filename of that smiley.
This is a separate file (smiley-map.php).
<?php
$smilies = array (
array('code' => ':)', 'filename' => 'smiley.gif'),
array('code' => ':(', 'filename' => 'sad.gif'),
array('code' => ';)', 'filename' => 'wink.gif'),
array('code' => ':D', 'filename' => 'grin.gif'),
array('code' => ';D', 'filename' => 'cheesy.gif'),
array('code' => '>:-(', 'filename' => 'angry.gif'),
array('code' => ':O', 'filename' => 'shocked.gif'),
array('code' => '8)', 'filename' => 'cool.gif'),
array('code' => '???', 'filename' => 'huh.gif'),
array('code' => '::-)', 'filename' => 'rolleyes.gif'),
array('code' => ':P', 'filename' => 'tongue.gif'),
array('code' => ':-[', 'filename' => 'embarrassed.gif'),
array('code' => ':*', 'filename' => 'lipsrsealed.gif'),
array('code' => ':-/', 'filename' => 'undecided.gif'),
array('code' => ':x', 'filename' => 'kiss.gif'),
array('code' => ':\'(', 'filename' => 'cry.gif'),
array('code' => '>:-D', 'filename' => 'evil.gif'),
array('code' => '^-^', 'filename' => 'azn.gif'),
array('code' => 'O0', 'filename' => 'afro.gif'),
array('code' => 'LOL', 'filename' => '2funny.gif'),
array('code' => ':bash:', 'filename' => 'knuppel2.gif'),
array('code' => '>_<', 'filename' => 'tickedoff.gif'),
array('code' => ':?', 'filename' => 'idiot.gif'),
array('code' => ':!', 'filename' => 'uglystupid.gif'),
);
?>
Then I parse them in a simple manner like this :
<?php
function parseSmilies($string)
{
require_once("smilies/smiley-map.php");
for ($i = 0; $i < count($smilies); $i++)
{
$filename = '<img src="smilies/' . $smilies[$i]['filename'] . '" alt="smiley" title="' . $smilies[$i]['code'] . '" />';
$string = str_replace($smilies[$i]['code'], $filename, $string);
}
return $string;
}
?>
So it goes…include smile map…array now available…search string for codes…swap code for image tag.
This all works fine on my local machine (XAMPP). But when I upload and run it in myserver, it misses the cry one :'(
I imagine this is the single quote causing a probelm, despite my having escaped it in the array..
Presumably there is some PHP setting that is affecting this ?
Could anyone advise please ?
Many thanks.
EDIT: $string originates from $_POST
This probably has something to do with Magic Quotes.
When Magic Quotes are turned on in your PHP server, the
'in all superglobals ($_GET,$_POSTetc.) gets replaced with\'and"gets replaced with\". This mechanism has been deprecated as of PHP 5.3.0 and removed as of PHP 5.4.0.However, most web-hosting servers do not even have PHP 5.3.0 yet, while private servers like XAMPP are likely to have a more recent version of PHP. So your localhost probably will not have Magic Quotes turned on while your webserver will.
Magic Quotes makes it impossible to perform SQL injection when including a superglobal value directly into the query. For example:
Someone entering a
1" OR "1" = "1in thepasswordfield could easily change the query intoSELECT id FROM users WHERE name = "admin" AND password = "1" OR "1" = "1"effectively logging in on the administrator account without knowing the password.That said, I think Magic Quotes was only a fallback mechanism for people not securing their input and you should always turn it off. It’s a better practice to secure your own application instead of letting PHP do it.
Disabling Magic Quotes
This can be done using
php.inibut I suppose you don’t have access to that file on a hosted server. The following snippet emulates disabling Magic Quotes: