Re: [PHP] Kill Magic Quotes
Dave M G wrote:
PHP List,
I found this solution after a web search. I can't attribute the author,
but would like to if I could.
I have a routine like this:
if (isset($_POST['choice'])) {
if (get_magic_quotes_gpc() ){
stripslashes_arrays( $_POST );
}
$choice = $_POST['choice'];
}
else {
$choice = 'unknown';
}
and this is the function
# strips slashes to a multi dimensional array, by reference
function stripslashes_arrays($array) {
if ( is_array($array) ) {
$keys = array_keys($array);
foreach ( $keys as $key ) {
if ( is_array($array[$key]) ) {
stripslashes_arrays($array[$key]);
}
else {
$array[$key] = stripslashes($array[$key]);
}
}
}
}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Kill Magic Quotes
On 8/8/08, Stephen [EMAIL PROTECTED] wrote:
I found this solution after a web search. I can't attribute the author, but
would like to if I could.
I have something like that myself, but even on the URL they linked it
has a php.net approved snippet of code that works:
http://www.php.net/manual/en/security.magicquotes.disabling.php
?php
if (get_magic_quotes_gpc()) {
function stripslashes_deep($value)
{
$value = is_array($value) ?
array_map('stripslashes_deep', $value) :
stripslashes($value);
return $value;
}
$_POST = array_map('stripslashes_deep', $_POST);
$_GET = array_map('stripslashes_deep', $_GET);
$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}
?
but i'd say skip REQUEST. just unset($_REQUEST); don't get in the
habit of using it. blech.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Kill Magic Quotes
If you can't change php.ini, and if it's Apache, you maybe can just
turn it off in .htaccess, far faster and easier than a PHP function.
You are calling the removeSlashes, right?
And, really, there is no reason for the restoreSlashes function to
exist. If you ever think you need it, you're wrong. :-)
On Thu, August 7, 2008 10:00 pm, Dave M G wrote:
PHP List,
I am developing a web site that is hosted on a web server where I do
not
have permission to change the php.ini file.
This server has magic quotes turned on. I'd like them off.
I wrote two functions to detect when magic quotes is on, and to try
and
counter act its effects. But it does not seem to be working. It seems
to
have no effect, and I get slashes showing up in all sorts of output
where I don't want them. Not only in data put into the database, but
also emails sent to from the site contact page and other places.
Here are the functions I created. Where have I gone wrong?
public static function removeSlashes($string)
{
// Check if Magic Quotes is turned on.
if (get_magic_quotes_gpc())
{
// Remove escape slashes.
return stripslashes($string);
}
// Return a string that has no escape slashes.
return $string;
}
public static function restoreSlashes($string)
{
// Check if Magic Quotes is turned on.
if (get_magic_quotes_gpc())
{
// Add escape slashes.
return addslashes($string);
}
// Return a string that has escape slashes.
return $string;
}
Any advice much appreciated.
--
Dave M G
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Some people ask for gifts here.
I just want you to buy an Indie CD for yourself:
http://cdbaby.com/search/from/lynch
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Kill Magic Quotes
public static function restoreSlashes($string)
{
// Check if Magic Quotes is turned on.
if (get_magic_quotes_gpc())
{
// Add escape slashes.
return addslashes($string);
}
// Return a string that has escape slashes.
return $string;
}
Wrong way around.
If gpc is enabled, then there are already slashes - no need to add them
again.
If it's not, you need to addslashes.
if (get_magic_quotes_gpc()) {
return $string;
}
return addslashes($string);
Though I'm curious why you need to re-add them at all.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Kill Magic Quotes
Richard, Thank you for replying. If you can't change php.ini, and if it's Apache, you maybe can just turn it off in .htaccess, far faster and easier than a PHP function. I looked on the web and found this line: php_flag magic_quotes_gpc off ... and added it to my .htaccess file. But it doesn't seem to make a difference. I've set my scripts up so people can embed Google Maps on their pages. The problem I'm seeing now is that the output for the Google Map has all these additional double quotes that I don't know where they are coming from. Maybe it's not a magic quote issue? It looks like this: iframe width=\360\ height=\360\ frameborder=\0\ scrolling=\no\ marginheight=\0\ marginwidth=\0\... (trimmed for brevity) You are calling the removeSlashes, right? I believe I'm calling it everywhere there is some text being inputted or outputted. And, really, there is no reason for the restoreSlashes function to exist. If you ever think you need it, you're wrong. I guess that makes sense. -- Dave M G -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Kill Magic Quotes [SOLVED]
Richard, Try php_value instead of php_flag, though both should work for this one. Whoops... my mistake. Without going into overly complicated details, I hadn't tested the original suggestion properly. Turns out, so far as I can tell, both of these lines work for me: php_value magic_quotes_gpc off php_flag magic_quotes_gpc off Right now I'm using php_value, so I'll stick with that. This seems to have solved my magic quotes woes. Thank you Richard, Chris, Roger, Viraj, and the PHP list for responding. -- Dave M G -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
