Unwanted slash on input

26 February 2009, 21:29

I hope someone is able before march 4th.

I've the following configuration:
VirtualHost {
PreventSQLi = no
WebsiteRoot = /srv/www/htdocs/mysitename/httpdocs
Hostname =
AccessLogfile = /srv/www/htdocs/mysitename/log/acces.log
ErrorLogfile = /srv/www/htdocs/mysitename/log/error.log
StartFile = index.php
UseToolkit = simplerewrite
ExecuteCGI = yes
FastCGI = PHP5
TimeForCGI = 60
PreventXSS = no
SecureURL = false

The problem is: every input by $_POST is being slashed.
' becomes \'
\ becomes \\
" becomes \"

Why is this? How can I disable it???

Many Thanks!

Hugo Leisink
1 March 2009, 23:22
It's a PHP setting. Set gpc_magic_quotes in php.ini to 'No'.
2 March 2009, 16:38
Thanks for your reply. In my php.ini file I find this setting:

magic_quotes_gpc = Off

I believe this is correct and shouldn't mess up things.

h# find / -name php.ini

# cat /etc/php5/fastcgi/php.ini | grep magic
; - magic_quotes_gpc = Off [Performance]
magic_quotes_gpc = Off
magic_quotes_runtime = Off
; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off

I use OpenSuse and I've no apache installed (should not make any difference ).

How can I asure it's PHP's messing up things? When I had apache installed, i had no problems at all...
I'm 100% sure that the slashes are not added by a PHP Function in the script.
4 March 2009, 23:05
I dont know a solution, but I know a temporary solution.
echo stripslashes($_POST['message']);
echo $_POST['message'];
Hugo Leisink
5 March 2009, 02:08
Hiawatha only adds slashes when PreventSQLi is set to 'yes'. If it's not, it must be PHP which adds the slashes. Have you tried restarting the PHP FastCGI daemon?
5 March 2009, 15:31
Hi... I'm a dumb person...

In my hiwatha fastcgi configfile I did not include the php.ini

This was because of a strange thing. When I've had the php.ini included, php did not just show the output, but also a large part of the phpcode itself. Offcourse that's not what I wanted, so I disabled it.

Now, I've enabled it, and I've no slash-problem anymore. However, the code on my screen problem still remains. Is there a php.ini option for that? (When I use my old Apache config it did not show the code, and I had no slash-bug, but other things were not working correctly).

I know it's not an hiawatha issue, but I hope you've the knowledge to safe me a lot of trouble and time.
Hugo Leisink
5 March 2009, 16:09
Do you start your scripts with '<?' instead of '<?php'? If so, you need to set 'short_open_tag' to 'On'. Otherwise, PHP will not see your scripts as code, but as plain text and it will therefor show the code in the browser.

A difference between configuring PHP for Hiawatha and Apache is that Apache uses mod_php (which uses /etc/php/apache/php.ini) and Hiawatha uses php-cgi (which uses /etc/php/cgi/php.ini). So, make sure you edit the right php.ini!
5 March 2009, 21:29
Everything works fine now.

Thanks for your time and thanks for writing Hiawatha.
This topic has been closed.