0

Hello Daniweb,

I am facing a problem with my web host, 123-Reg and their basic Linux startup package. To summarise what this package contains, it is a small scale shared hosting environment with support for PHP.

I am developing a content management system which writes data to a flat file DB, as the client I am working for doesn't want to purchase a database to go alongside the hosting.

The simplified code I am using is as follows:

<?php

    session_start();

    $Content = $_POST['Content'];
    $Category = $_POST['Category'];
    $Page = $_POST['Page'];


    file_put_contents($_SERVER['DOCUMENT_ROOT'].'/usr/SiteFiles/'.$Page, $Content);

    $Links = file_get_contents($_SERVER['DOCUMENT_ROOT'].'/usr/SysFiles/'.$Category);
    $Links = $Links.$Page."*";

    file_put_contents($_SERVER['DOCUMENT_ROOT'].'/usr/SysFiles/'.$Category, $Links);

    die(Header('Location: /CMS/Errors/Saved.php'));

?>

When this is written to the text file DB, any control characters such as speech marks are being escaped with a slash. Something along the lines of He said "FooBar" would turn up as He said \"FooBar\"

When I contacted the web host, they said this was a problem with my code and the only way to resolve this was to upgrade to a VPS.

The way I see it, upgrading to a VPS wouldn't make a single bit of difference if the issue was with the code. Furthermore, the code itself writes to the DB but it is being intercepted between transmission and storage. Equally they couldn't point out the issue with the code, and responded simply with the "solution" to upgrade to a VPS.

Before I pursue the case further, is there any possibility it could be an issue with my code? Or is it more likely the web host implementing some sort of security feature (similar to HTMLSpecialChars) to prevent code execution by people who use this style of DB for a public comment system etc.

Thank you

2
Contributors
6
Replies
12
Views
4 Years
Discussion Span
Last Post by Octet
0

Thank you for the response, so it is going to be a server configuration problem instead of my code?

0

Basically. IMO this setting should be off, but you can't force them to do so. So you will have to program around it. The issue is that once they upgrade to 5.4 this setting is gone (read false). So you'll have to code for both instances, or the code will fail once they upgrade.

0

Basically. IMO this setting should be off, but you can't force them to do so. So you will have to program around it. The issue is that once they upgrade to 5.4 this setting is gone (read false). So you'll have to code for both instances, or the code will fail once they upgrade.

Thanks,

I'm going to try and work around it with a htaccess file otherwise I'll play around with PHP code.

1

Thank you Pritaeas,

The problem has now been resolved by checking for magic quotes (which was the source of the problem, and they have now confirmed it is their configuration causing the issue) and stripping slashes on output if it is enabled.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.