Hi Team,

I've put some basic ideas down; I'd love further input (especially if you
could commit it yourselves!)


Thanks




"Aidan Lister" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> aidan Tue Sep  7 10:29:21 2004 EDT
>
>  Added files:
>    /phpdoc/en/security magicquotes.xml
>  Log:
>  Basic information, much more to come later
>
>
> http://cvs.php.net/co.php/phpdoc/en/security/magicquotes.xml?r=1.1&p=1
> Index: phpdoc/en/security/magicquotes.xml
> +++ phpdoc/en/security/magicquotes.xml
> <?xml version="1.0" encoding="iso-8859-1"?>
> <!-- $Revision: 1.1 $ -->
>  <chapter id="security.magicquotes">
>   <title>Magic Quotes</title>
>   <para>
>    Magic-quotes was added to reduce code written by beginners from being 
> dangerous.
>    If you disable magic quotes, you must be very careful to protect 
> yourself from
>    SQL injection attacks.
>   </para>
>
>   <sect1 id="security.magicquotes.disabling">
>    <title>Disabling Magic Quotes</title>
>    <para>
>     In the interests of writing portable code (code that works
>     in any environment), or, if you do not have access to change
>     php.ini, you may wish to disable the effects of magic quotes
>     on a per-script basis. This can be done several different ways.
>    </para>
>    <para>
>     <example>
>      <title>Disabling magic quotes at runtime</title>
>      <programlisting role="php">
> <![CDATA[
> <?php
> if (get_magic_quotes_gpc()) {
>    function stripslashes_deep($value)
>    {
>        $value = is_array($value) ?
>                    array_map('stripslashes_deep', $value) :
>                    stripslashes($value);
>
>        return $value;
>    }
>
>    $_POST = array_map('stripslashes_deep', $_POST);
>    $_GET = array_map('stripslashes_deep', $_GET);
>    $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
> }
> ?>
> ]]>
>      </programlisting>
>     </example>
>    </para>
>   </sect1>
>
>  </chapter>
>
> <!-- Keep this comment at the end of the file
> Local variables:
> mode: sgml
> sgml-omittag:t
> sgml-shorttag:t
> sgml-minimize-attributes:nil
> sgml-always-quote-attributes:t
> sgml-indent-step:1
> sgml-indent-data:t
> indent-tabs-mode:nil
> sgml-parent-document:nil
> sgml-default-dtd-file:"../../manual.ced"
> sgml-exposed-tags:nil
> sgml-local-catalogs:nil
> sgml-local-ecat-files:nil
> End:
> vim600: syn=xml fen fdm=syntax fdl=2 si
> vim: et tw=78 syn=sgml
> vi: ts=1 sw=1
> --> 
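
Review bot: The stripslashes_deep example unescapes only $_POST, $_GET and $_COOKIE, so with magic_quotes_gpc on $_REQUEST keeps its added slashes and a script reading it sees different data from one reading $_GET. Either add `$_REQUEST = array_map('stripslashes_deep', $_REQUEST);` inside the same `if` block or say in the text that $_REQUEST is deliberately left out. The opening para warns that disabling magic quotes leaves you exposed to SQL injection, but the security.magicquotes.disabling section then strips the slashes without saying what replaces them; a sentence there telling readers to escape values at the point they are placed into a query would close that gap. The first sentence, "added to reduce code written by beginners from being dangerous", would read more clearly as "added to make code written by beginners less dangerous".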
