aidan Tue Sep 7 10:29:21 2004 EDT Added files: /phpdoc/en/security magicquotes.xml Log: Basic information, much more to come later
http://cvs.php.net/co.php/phpdoc/en/security/magicquotes.xml?r=1.1&p=1 Index: phpdoc/en/security/magicquotes.xml +++ phpdoc/en/security/magicquotes.xml <?xml version="1.0" encoding="iso-8859-1"?> <!-- $Revision: 1.1 $ --> <chapter id="security.magicquotes"> <title>Magic Quotes</title> <para> Magic-quotes was added to reduce code written by beginners from being dangerous. If you disable magic quotes, you must be very careful to protect yourself from SQL injection attacks. </para> <sect1 id="security.magicquotes.disabling"> <title>Disabling Magic Quotes</title> <para> In the interests of writing portable code (code that works in any environment), or, if you do not have access to change php.ini, you may wish to disable the effects of magic quotes on a per-script basis. This can be done several different ways. </para> <para> <example> <title>Disabling magic quotes at runtime</title> <programlisting role="php"> <![CDATA[ <?php if (get_magic_quotes_gpc()) { function stripslashes_deep($value) { $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); return $value; } $_POST = array_map('stripslashes_deep', $_POST); $_GET = array_map('stripslashes_deep', $_GET); $_COOKIE = array_map('stripslashes_deep', $_COOKIE); } ?> ]]> </programlisting> </example> </para> </sect1> </chapter> <!-- Keep this comment at the end of the file Local variables: mode: sgml sgml-omittag:t sgml-shorttag:t sgml-minimize-attributes:nil sgml-always-quote-attributes:t sgml-indent-step:1 sgml-indent-data:t indent-tabs-mode:nil sgml-parent-document:nil sgml-default-dtd-file:"../../manual.ced" sgml-exposed-tags:nil sgml-local-catalogs:nil sgml-local-ecat-files:nil End: vim600: syn=xml fen fdm=syntax fdl=2 si vim: et tw=78 syn=sgml vi: ts=1 sw=1 -->
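Review bot: The runtime example in security.magicquotes.disabling strips slashes from $_POST, $_GET and $_COOKIE but leaves $_REQUEST untouched, so a script that reads $_REQUEST still gets slashed values after this block has run. Either add `$_REQUEST = array_map('stripslashes_deep', $_REQUEST);` or say in the text that $_REQUEST is not covered. In the opening para, "added to reduce code written by beginners from being dangerous" is hard to parse and never states what magic quotes does to incoming data; a sentence describing the escaping would help. The SQL injection warning that follows should also point readers to escaping values for the database once the slashes are removed, since the example leaves the input raw. Finally, the para says "This can be done several different ways" while only one way is shown; list the others or reword until they are added.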