RE: [PHP] Wrighting to $_POST array

Andrea Giammarchi Mon, 12 Oct 2009 09:10:51 -0700


> But, first, you need to use get_magic_quotes_gpc() to see if magic_quotes_gpc 
> is
> turned on.  If so, you need to run stripslashes() on your variables before you
> run the mysql_real_escape_string() on them.
> 
> 
> if ( get_magic_quotes_gpc() ) {
>     $_POST = array_map('stripslashes', $_POST);
> }
> $_POST = array_map('mysql_real_escape_string', $_POST);


I would totally remove magic_quotes_gpc rather than this for each request:

if ( get_magic_quotes_gpc() ) {

    $_GET = array_map('stripslashes', $_GET);
    $_POST = array_map('stripslashes', $_POST);
    //  $_REQUEST = array_map('stripslashes', $_REQUEST);


    $_COOKIES = array_map('stripslashes', $_COOKIES);
}

there is a reason if magic_quotes has been removed by PHP defaults since ages

Regards
                                          
_________________________________________________________________
Windows Live: Make it easier for your friends to see what you’re up to on 
Facebook.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_2:092009

RE: [PHP] Wrighting to $_POST array

Reply via email to