From: oregon at pobox dot com Operating system: Linux 2.4.9-31 PHP version: 4.2.3 PHP Bug Type: Variables related Bug description: magic_quotes_gpc doesn't escape URL-encoded single quotes
The magic_quotes_gpc option correctly escapes single quotes, but it ignores the single quote in GET data when the single quote is URL-encoded (as %27). This causes database errors on submitted data what was supposed to be handled by magic_quotes_gpc. Example: calling a script "view.php" with city set to "Martha's Vinyard" URL-encoded will generate a DB error when the city is passed to a database query... http://mywebsite.com/view.php?city=Martha%27s+Vinyard -- Edit bug report at http://bugs.php.net/?id=22424&edit=1 -- Try a CVS snapshot: http://bugs.php.net/fix.php?id=22424&r=trysnapshot Fixed in CVS: http://bugs.php.net/fix.php?id=22424&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=22424&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=22424&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=22424&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=22424&r=support Expected behavior: http://bugs.php.net/fix.php?id=22424&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=22424&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=22424&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=22424&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=22424&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=22424&r=dst IIS Stability: http://bugs.php.net/fix.php?id=22424&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=22424&r=gnused