[PHP] Re: php.ini setting
?php if (get_magic_quotes_gpc()) { $process = array($_GET, $_POST, $_COOKIE, $_REQUEST); while (list($key, $val) = each($process)) { foreach ($val as $k = $v) { unset($process[$key][$k]); if (is_array($v)) { $process[$key][stripslashes($k)] = $v; $process[] = $process[$key][stripslashes($k)]; } else { $process[$key][stripslashes($k)] = stripslashes($v); } } } unset($process); } ? I know it is not the answer you are looking for, but it does work, and used by thousands of coders. Stephen Thanks for the code sample - a little more complex than I've ever used. Can you explain something for me? The first unset line - what is it doing? If it is removing the item from the $process array, then how can you then reference the value ($v) in the very next line? I must be missing something. Also - I don't see the need to be stripping slashes from the $k (keys/indices?) elements. What am I missing there? As I said - the lines are a something new to me and I may not be interpreting what is going on here. Basically I see that you are processing all of the arrays (GET,POST, etc) at once, doing each one in turn. For each one, you then get down to the values returned to the script as a $k/$v pair which you then check to see if it is in itself an array.(although you ask if $v is an array, while I would have thought you'd ask if $k was an array). Once you get to the basest element you remove the slashes. Thanks again - still waiting on my host company to get back to me - they've escalated the problem of not being able to turn the quotes off. Hmmm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: php.ini setting
On 3 October 2011 14:30, Jim Giner jim.gi...@albanyhandball.com wrote: Thanks for the code sample - a little more complex than I've ever used. Can you explain something for me? The first unset line - what is it doing? If it is removing the item from the $process array, then how can you then reference the value ($v) in the very next line? I must be missing something. Also - I don't see the need to be stripping slashes from the $k (keys/indices?) elements. What am I missing there? As I said - the lines are a something new to me and I may not be interpreting what is going on here. Basically I see that you are processing all of the arrays (GET,POST, etc) at once, doing each one in turn. For each one, you then get down to the values returned to the script as a $k/$v pair which you then check to see if it is in itself an array.(although you ask if $v is an array, while I would have thought you'd ask if $k was an array). Once you get to the basest element you remove the slashes. Thanks again - still waiting on my host company to get back to me - they've escalated the problem of not being able to turn the quotes off. Hmmm ?php // Are magic quotes enabled? if (get_magic_quotes_gpc()) { // Create an array of refererences to the GET, POST, COOKIE and REQUEST super-globals. // Because these are references, any changes made to $process will also be reflected // in the GET, POST, COOKIE and REQUEST super-globals. $process = array($_GET, $_POST, $_COOKIE, $_REQUEST); // Iterate each element in $process, creating $key and $val // $key is the index of $process and $val is the referenced super-global array. while (list($key, $val) = each($process)) { // Iterate $val (the super global array), creating $k and $v // $k is the name of the entry in the super-global and $v is the value. foreach ($val as $k = $v) { // Remove the entry from the super-global. unset($process[$key][$k]); // Is the value an array. if (is_array($v)) { // Insert the value back into the super-global, but strip slashes from the key. $process[$key][stripslashes($k)] = $v; // Because the value is an array, we don't want to process it here. // Instead, append a reference to the value to the $process array. // It will be picked up after the other super-globals are processed by the while() line. $process[] = $process[$key][stripslashes($k)]; } else { // As the value is not an array, insert the stripped value back into the super-global, // using a stripped key. $process[$key][stripslashes($k)] = stripslashes($v); } } } // All done, so remove $process also. unset($process); } ? -- Richard Quadling Twitter : EE : Zend : PHPDoc @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: php.ini setting
Richard Quadling rquadl...@gmail.com wrote in message news:CAKUjMCVwFos-=swewaoyxw2ukvhkwaueh6dahptycj-4wud...@mail.gmail.com... On 3 October 2011 14:30, Jim Giner jim.gi...@albanyhandball.com wrote: Thanks for the code sample - a little more complex than I've ever used. Can you explain something for me? The first unset line - what is it doing? If it is removing the item from the $process array, then how can you then reference the value ($v) in the very next line? I must be missing something. Also - I don't see the need to be stripping slashes from the $k (keys/indices?) elements. What am I missing there? As I said - the lines are a something new to me and I may not be interpreting what is going on here. Basically I see that you are processing all of the arrays (GET,POST, etc) at once, doing each one in turn. For each one, you then get down to the values returned to the script as a $k/$v pair which you then check to see if it is in itself an array.(although you ask if $v is an array, while I would have thought you'd ask if $k was an array). Once you get to the basest element you remove the slashes. ** Thank you Richard for your effort, but I had the jist of all of this. What I don't get is the points I asked about. Can you answer the questions I mentioned? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: php.ini setting
On 11-10-02 12:12 PM, Jim Giner wrote: Spoke to quickly - still having issues. While the .ini file in each of my appl. folders has magic quotes set to Off, my scripts are still escaping my input - obviously following the server's .ini file settings. Waiting for my hosters to get back to me. You could refer them to: http://php.net/manual/en/security.magicquotes.php Indicate that magic quotes have deprecated, and ask them to turn them off. But they will say no, because of all the other users on the server that you use. In the end, you will be left with stripping the slashes on your own: ?php if (get_magic_quotes_gpc()) { $process = array($_GET, $_POST, $_COOKIE, $_REQUEST); while (list($key, $val) = each($process)) { foreach ($val as $k = $v) { unset($process[$key][$k]); if (is_array($v)) { $process[$key][stripslashes($k)] = $v; $process[] = $process[$key][stripslashes($k)]; } else { $process[$key][stripslashes($k)] = stripslashes($v); } } } unset($process); } ? I know it is not the answer you are looking for, but it does work, and used by thousands of coders. Stephen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php