site5 enforces magic_quotes
(Folgender Post ist Englisch damit auch Leute was davon haben, die kein Deutsch sprechen.)
Coming back from my one-week-vacation I had multiple user requests coming in to complain about backslashes appearing everywhere. I had this problem before when I moved to site5 (site5 is the hosting service of this site) but I fixed it and it was working ever since.
Turns out last week site5 moved “to a more standardized PHP configuration with our upgrades to PHP5″ (quoting support). This changed global php settings and switched magic_quotes_gpc (see my previous post for magic quotes) to “On” even though my custom php.ini (which lives in my home directory and is symlinked in every necessary subdirectory to make sure it is considered by php) explicitly switched magic_quotes_gpc Off. But site5 seems to overwrite this settings globally and customer support could only tell me to put a piece of php code on top of every page that undoes magic quotes.
This is a really bad hack. I have a reason why my site doesn’t require magic quotes: Not only are they deprecated as of PHP 5.3 (and removed in PHP 6), they are totally annoying putting slashes everywhere. I am very capable of handling user data in SQL statements, thanks.
As a result a lot of user data was stored in the database with unnecessary backslashes. Fortunately I had a script from before that runs through the entire database and eliminates these backslashes. The hack is implemented and now user data escaping should be fine, even though it’s an overhead to escape and unescape every bit of incoming user data.
I cannot understand why site5 would disallow a sensible local setting such as magic_quotes_gpc=Off. To summarize: I was not informed of the change in advance, my user data got corrupted for a week (while I was on vacation) and I am forced to implement a costly walkaround hack to support an unnecessary, deprecated PHP feature. I am not generally unhappy with site5, but I consider this unacceptable and hope it will change soon.