7

I'm using PHP 5.4.4 and I'm getting very strange behavior with the FuelPHP ORM save and update functions.

I'm trying to save either serialized or JSON data to a field in the database so something like {"name":"michael"}. When I use the model->save() directly after Model::forge() it seems to work fine 100% of the time and the string you see is the one that gets stored in the MySQL db.

However, if I immediately change something like model->property = 'new property' (not the JSON or serialized data property) and then do another model->save() it will 90% of the time turn all my `"` into `&quot;`

It seems that when I debug the issue and step through line by line, it will not reproduce this problem! It will make it through the entire script and still have the correct `"` instead of `&quot;`

This problem is driving me nuts. I would assume it's a configuration thing or there would be a lot more complaints, but I can't find the right switch. I've set both php_flag magic_quotes_gpc Off and php_flag magic_quotes_runtime Off in my .htaccess (although it shouldn't be needed in PHP 5.4+) and verified that both are false.

I'm out of ideas here. Anything to investigate would be really helpful.

michael
  • It seems to have to do with the output filtering. I noticed that sending a notification email that used the data seemed to be causing the issue, and then again if I try to access that field from a function on a model through a view it does it. – michael Aug 23 '12 at 16:50
  • if you have no more ideas, install xdebug, follow the forge and save... magic quotes has nothing to do with encoding quotes into html and it doesn't exist in 5.4 anyway (even if it was that your system was relying on them and now it's gone), there is some setting in your ORM transforming these values – fd8s0 Sep 22 '12 at 10:52
  • It's not clear from your question *at which point* you realize that `"` has turned into `&quot;`. If that is done by FuelPHP you should scan all files for that string. – hakre Oct 01 '12 at 16:33

3 Answers

3

Your ORM may be using some sort of escape function to save your JSON string. This is a security feature to prevent SQL injection attacks. Use a NoSQL solution like MongoDB or CouchDB if you need to store JSON. Otherwise you'll need to clean up your JSON strings after they come out of MySQL and before you decode them.

http://dev.mysql.com/doc/refman/5.0/en/string-literals.html

atorres757
  • I don't think "*use a different database*" is the correct answer here. Most likely you're running into [fuelphp's view filtering](http://fuelphp.com/docs/general/views.html#/security). Use `$view->set_safe('var', $value)` to bypass this problem. **ProTip** - you can also auto-decode/encode json using the orm's configuration using `data_type = 'json'` and Observers: http://fuelphp.com/docs/packages/orm/observers/included.html#/os_typing – iturgeon Nov 03 '13 at 18:03
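
The situation the comments point at (output filtering touching the model, followed by a second save), reproduced in plain PHP as an added example that is not part of the original thread and not FuelPHP's own code. `Record` and `output_filter()` are hypothetical stand-ins, and the in-place encoding of object properties is an assumption about how the filter behaves.

```php
<?php
// Added illustration in plain PHP; Record and output_filter() are
// hypothetical stand-ins, not FuelPHP classes or functions.
class Record
{
    public $title;
    public $payload; // JSON text kept in a single column
}

// Entity-encodes every string property of an object *in place*, which is
// what this example assumes an automatic view filter does to an object.
// The last argument (double_encode = false) stops a second pass from
// turning &quot; into &amp;quot;.
function output_filter($obj)
{
    foreach (get_object_vars($obj) as $name => $value) {
        if (is_string($value)) {
            $obj->$name = htmlentities($value, ENT_QUOTES, 'UTF-8', false);
        }
    }
    return $obj;
}

$row = new Record();
$row->title = 'first';
$row->payload = json_encode(array('name' => 'michael')); // constructed sample

$first_save = $row->payload;   // what the first save() would write

output_filter($row);           // same object handed to a view or e-mail body

$row->title = 'second';        // unrelated change, then a second save()
$second_save = $row->payload;  // the encoded text is what gets written now

var_dump($first_save);
var_dump($second_save);
var_dump(json_decode($second_save, true)); // encoded text no longer parses

// Repair for rows already stored encoded: decode entities, then parse.
$repaired = html_entity_decode($second_save, ENT_QUOTES, 'UTF-8');
var_dump(json_decode($repaired, true));

// Safer pattern: filter a copy for display and keep the model untouched.
$clean = new Record();
$clean->payload = json_encode(array('name' => 'michael'));
$for_view = output_filter(clone $clean);
var_dump($clean->payload !== $for_view->payload);
```

Encoding on output is what keeps the value from being interpreted as markup in the page; the problem shown here is only that the encoded form leaks back into storage.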
0

Try adding some "echo" statements to print out your variables so that you can figure out where it's happening. That usually goes a long way toward finding out why.

You might also try adding something like double_encode for the html entities to stop it from encoding them.

RecentCoin
0

If `"` are converted to `&quot;` in the database then it's not a problem. It's for security. If you render the output in the browser it will come up as `"` again.

And if it's your browser displaying `"` as `&quot;` then you need to decode the value before printing.

user1635914