I am trying to turn magic quotes off in PHP but cannot get it to disable - I have set the below in /usr/local/lib/php.ini and restarted Apache but it has made no difference.
; Magic quotes
; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off
; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off
; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off
phpinfo confirms these are all set to Off.
magic_quotes_gpc Off Off
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
I then tried adding
php_flag magic_quotes_gpc off
to htaccess but that gives a 500 Internal Server error - looking in error_log there is nothing added to tell me why this might be happening.
Server is running Centos 5.8 64 bit with CPanel/WHM and the front end is Wordpress with a custom PHP application in the background. PHP version is 5.3.18 and Loaded Configuration File is /usr/local/lib/php.ini
The reason I think it is not working is that the following message which is pulled from MySQL where it had mysql_real_escape_string, addslashes and htmlspecialchars applied to it before adding to the database.
The original message is:
This is a "how to" question. I don't think it is covered in the notes - sorry if I've missed it.
It gets added to MySQL as:
This is a "how to" question. I don\'t think it is covered in the notes - sorry if I\'ve missed it.
When it is then displayed on the screen it displays as:
This is a \\"how to\\" question. I don\\\'t think it is covered in the notes - sorry if I\\\'ve missed it.
And when stripslashes is then applied to this, it becomes:
This is a \"how to\" question. I don\'t think it is covered in the notes - sorry if I\'ve missed it.
What am I doing wrong or what else can I try?