seb otron Tue Feb 22 21:47:35 -0500 2011

Subject: Escaped values

Hello! I'm currently storing string values in a table and some of them contain single quotes. These are escaped before being inserted for obvious reasons. My question is, is there an existing mecanism to handle escaped strings once I want to pull them out or should I unescape them myself?

Thank you!

Benjamin P Sat Feb 26 12:45:31 -0500 2011

Actually, I don't see an obvious reason for escaping, as AR is using parametrized queries (SELECT ... WHERE a = ?). Which Database are you using?

seb otron Sat Feb 26 13:01:03 -0500 2011

I'm using MySQL5. Let me explain:

mymodel::create(array("somefield" => "I'm that guy"));

somefield will be stored as "I\'m that guy".

I'd like to know if I need to use stripslashes whenever I try to pull my values or if phpactiverecord has some mecanism to do it for me. Either that, or a way to prevent single quotes to be escaped before insertion.

Thank you!

Benjamin P Sat Feb 26 13:04:29 -0500 2011

Oh, ok. This might be due to magic escaping:

So can you make sure that this preference is set to 0 ?

seb otron Sat Feb 26 13:12:20 -0500 2011

I looked it up and it's off. :s

Here's my config:

magic_quotes_gpc On
magic_quotes_runtime Off
magic_quotes_sybase Off

Benjamin P Sat Feb 26 13:23:14 -0500 2011

And it's not due to gpc? Maybe a dumb question, gpc should only escape via GET/POST. But otherwise, I can't help you further, sorry. In any case AR should give you back what you give him, maybe you should file a bug.

seb otron Sat Feb 26 13:27:20 -0500 2011

I tried to set gpc off and it didn't change anything. And I doubt it's a bug, i'm certainly not the first to try and store a varchar with single quotes in it :) I'm sure others would've seen it had it been a bug. Oh well.. I suppose I'll use stripslashes, it did the trick. Thank you very much for your time! It's appreciated!

Jacques Fuentes Sun Feb 27 01:06:39 -0500 2011

You could always overwrite the base model's #read_attribute

class AbsractBase extends ActiveRecord\Model {
  public function read_attribute($attr) {
    $value = parent::find_parent($attr);
    if (is_string($value))
      $value = escape($value);
    return $value;

class User extends AbstractBase {

$u = User::first();
echo $u->name; #should invoke function escape on this attr

$user = 
seb otron Mon Feb 28 14:05:16 -0500 2011

Funny, I hadn't thought of that.

I did override the read_attribute method and it now seems to work like a charm! I haven't done extensive testing yet but so far so good! Thank you!

Lucio Crusca Mon Apr 11 08:54:43 -0400 2016

This is an old thread, but I'm still experiencing this problem in the current phpactiverecord. Is the base model overwrite still the best solution? If so, we can assume this is a bug in phpactiverecord, right?

EDIT: never mind, magic quotes are the real problem in my case.