Does WordPress escape/(add slashes) to $_REQUEST fields in a plugin? (4 posts)

  1. qwarktastic
    Posted 5 years ago #

    I've been using WordPress for awhile but am writing a custom plugin for a table in the wp database but not for a wp table. The table is called 'schedules' and it has a TEXT field 'sched_desc' which is populated with simple textarea for now.

    First thing is first, magic_quotes_gpc is OFF.

    The problem is, when I post my form (to insert/update data in 'schedules'), the $_REQUEST array seems to get modified by WordPress and my field 'sched_desc' value gets any single and double quotes escaped. So if if 'sched_desc' contains [Who's buried in Grant's tomb?] upon getting $_REQUEST['sched_desc'] in the plugin, it now contains [Who\'s buried in Grant\'s tomb?].

    If I print_r the $_REQUEST at the beginning of admin.php, the values are ok! If I print_r a little down the road in admin.php, the values are escaped!

    I don't understand why WordPress (or something else) is mucking with the values. Does anyone have any direction or ideas? I can't be the first to hit this, yet searching for an answer in the forums and on the web has not resulted in anything.

    Thanks for any help you can provide.


  2. Leroy12
    Posted 5 years ago #

    I'm observing the same behavior when manipulating $_REQUEST inside a theme... :(

  3. Leroy12
    Posted 5 years ago #

    I've found this interesting article that gives some explanations and some potential solutions:


  4. Jafo232
    Posted 4 years ago #

    This was a real pain to trace back. I thought I turned on magic_quotes somehow by accident. Honestly, I think this should be removed. Escape strings in the db abstract but leave the raw data alone.

    Anyway, for those of you who are frustrated with this too, here is an easy workaround:


Topic Closed

This topic has been closed to new replies.

About this Topic