SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,214
    Mentioned
    457 Post(s)
    Tagged
    8 Thread(s)

    Methods for removing magic quotes

    If magic quotes are on and can't be disabled, the PHP manual suggests using this to undo the damage:

    PHP Code:
    <?php
    if (get_magic_quotes_gpc()) {
        
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
        while (list(
    $key$val) = each($process)) {
            foreach (
    $val as $k => $v) {
                unset(
    $process[$key][$k]);
                if (
    is_array($v)) {
                    
    $process[$key][stripslashes($k)] = $v;
                    
    $process[] = &$process[$key][stripslashes($k)];
                } else {
                    
    $process[$key][stripslashes($k)] = stripslashes($v);
                }
            }
        }
        unset(
    $process);
    }
    ?>
    However, if you are just working with a simple form-to-email script, is there any disadvantage to simply using something like this to remove the slashes?

    PHP Code:
    if ( get_magic_quotes_gpc() ) { 
      
    $name stripslashes($name);
      
    $email stripslashes($email);
      
    $message stripslashes($message);


  2. #2
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Hi Ralph,

    Like you say
    However, if you are just working with a simple form-to-email script, is there any disadvantage to simply using something like this to remove the slashes?
    there is no disadvantage to using your approach.

    Regards,
    Steve
    ictus==""

  3. #3
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,214
    Mentioned
    457 Post(s)
    Tagged
    8 Thread(s)
    Cool, thanks ServerStorm. Do you think that simpler code is a bit inefficient? I don't know PHP well enough yet to know if if can be simplified.

  4. #4
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    It is as efficient as it gets, it has no loop. But it is more efficient for you to type out every single variable that you are going to use? That is a different question.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  5. #5
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,214
    Mentioned
    457 Post(s)
    Tagged
    8 Thread(s)
    Quote Originally Posted by logic_earth View Post
    But it is more efficient for you to type out every single variable that you are going to use? That is a different question.
    Indeed. There's no doubt a tipping point beyond which it's a silly route to take.

  6. #6
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Could do this:
    PHP Code:
    if ( get_magic_quotes_gpc() )
      
    array_walk_recursive$_GET, function ( &$v ) { $v stripslashes$v ); } ); 
    If you really wanted to do large sets...
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  7. #7
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,214
    Mentioned
    457 Post(s)
    Tagged
    8 Thread(s)
    Thanks logic_earth. I'll play around with that.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •