If magic quotes are on and can’t be disabled, the PHP manual suggests using this to undo the damage:
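<?php
if (get_magic_quotes_gpc()) {
    // Work queue of references to the request superglobals.
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    // each() walks the queue, which grows as nested arrays are appended below.
    while (list($key, $val) = each($process)) {
        foreach ($val as $k => $v) {
            // Remove the entry so it can be re-added under its unescaped key.
            unset($process[$key][$k]);
            if (is_array($v)) {
                // Nested array: unescape the key now and queue the array by reference.
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            } else {
                // Scalar: unescape both the key and the value.
                $process[$key][stripslashes($k)] = stripslashes($v);
            }
        }
    }
    unset($process);
}
?>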
However, if you are just working with a simple form-to-email script, is there any disadvantage to simply using something like this to remove the slashes?
if ( get_magic_quotes_gpc() ) {
    $name = stripslashes($name);
    $email = stripslashes($email);
    $message = stripslashes($message);
}