Extra backslashes being added in PHP

Question

My _crappy web host did some upgrades the other day and some settings have gone awry, because looking at our company's wiki (MediaWiki), every quote is being escaped with a backslashes. It's not even just data which is being posted (i.e.: the articles) which are affected, but also the standard MediaWiki text. For example,

You\'ve followed a link to a page that doesn\'t exist yet. To create the page, start typing in the box below (see the help page for more info). If you are here by mistake, just click your browser\'s \'\'\'back\'\'\' button.

The first thing I did was disable magic_quotes_gpc AND magic_quotes_runtime using a .htaccess file, but this is still occurring. My php_info() reports this:

Setting             Local Value   Master Value
magic_quotes_gpc        Off            On
magic_quotes_runtime    Off            On
magic_quotes_sybase     Off            Off

Any ideas?

Answer 1

You may want to confirm that the data in your DB hasn't been corrupted. If you were addslash()ing your data when, unbeknownst to you, magic_quotes had been turned on, then you'd be double-slashifying data going into your DB.

Answer 2

If PHP flags are set with php_admin_flag/php_admin_value, you can't change it from a .htaccess file. This has caused me some headache before. Either disable it in php.ini or undo magic quotes in runtime: http://talks.php.net/show/php-best-practices/26

Answer 3

You'll need to get them to change the master value, or handle it yourself. I don't believe you can set magic_quotes_gpc() at runtime for super globals. (Setting it at runtime will strip things like database/files, but not the globals.)

if (ini_get('magic_quotes_gpc') ) {
  foreach($_GET as $key=>$value) {
    $_GET[$key] = stripslashes($value);
  }
} // etc...