Actually, I don't see an obvious reason for escaping, as AR is using parametrized queries (SELECT ... WHERE a = ?). Which Database are you using?
I'm using MySQL5. Let me explain:
mymodel::create(array("somefield" => "I'm that guy"));
somefield will be stored as "I\'m that guy".
I'd like to know if I need to use stripslashes whenever I try to pull my values or if phpactiverecord has some mecanism to do it for me. Either that, or a way to prevent single quotes to be escaped before insertion.
Thank you!
Oh, ok. This might be due to magic escaping:
http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-runtime
So can you make sure that this preference is set to 0 ?
I looked it up and it's off. :s
Here's my config:
magic_quotes_gpc On
magic_quotes_runtime Off
magic_quotes_sybase Off
And it's not due to gpc? Maybe a dumb question, gpc should only escape via GET/POST. But otherwise, I can't help you further, sorry. In any case AR should give you back what you give him, maybe you should file a bug.
I tried to set gpc off and it didn't change anything. And I doubt it's a bug, i'm certainly not the first to try and store a varchar with single quotes in it :) I'm sure others would've seen it had it been a bug. Oh well.. I suppose I'll use stripslashes, it did the trick. Thank you very much for your time! It's appreciated!
You could always overwrite the base model's #read_attribute
class AbsractBase extends ActiveRecord\Model {
public function read_attribute($attr) {
$value = parent::find_parent($attr);
if (is_string($value))
$value = escape($value);
return $value;
}
}
class User extends AbstractBase {
}
$u = User::first();
echo $u->name; #should invoke function escape on this attr
$user =
Funny, I hadn't thought of that.
I did override the read_attribute method and it now seems to work like a charm! I haven't done extensive testing yet but so far so good! Thank you!
This is an old thread, but I'm still experiencing this problem in the current phpactiverecord. Is the base model overwrite still the best solution? If so, we can assume this is a bug in phpactiverecord, right?
EDIT: never mind, magic quotes are the real problem in my case.
(1-9/9)
Subject: Escaped values
Hello! I'm currently storing string values in a table and some of them contain single quotes. These are escaped before being inserted for obvious reasons. My question is, is there an existing mecanism to handle escaped strings once I want to pull them out or should I unescape them myself?
Thank you!