subject:"\[PHP\] Re\: php.ini setting"

[PHP] Re: php.ini setting

2011-10-03 Thread Jim Giner



 ?php
 if (get_magic_quotes_gpc()) {
 $process = array($_GET, $_POST, $_COOKIE, $_REQUEST);
 while (list($key, $val) = each($process)) {
 foreach ($val as $k = $v) {
 unset($process[$key][$k]);
 if (is_array($v)) {
 $process[$key][stripslashes($k)] = $v;
 $process[] = $process[$key][stripslashes($k)];
 } else {
 $process[$key][stripslashes($k)] = stripslashes($v);
 }
 }
 }
 unset($process);
 }
 ?

 I know it is not the answer you are looking for, but it does work, and 
 used by thousands of coders.

 Stephen

Thanks for the code sample - a little more complex than I've ever used.  Can 
you explain something for me?

The first unset line - what is it doing?  If it is removing the item from 
the $process array, then how can you then reference the value ($v) in the 
very next line?  I must be missing something.

Also - I don't see the need to be stripping slashes from the $k 
(keys/indices?) elements.  What am I missing there?

As I said - the lines are a something new to me and I may not be 
interpreting what is going on here.  Basically I see that you are processing 
all of the arrays (GET,POST, etc) at once, doing each one in turn.  For each 
one, you then get down to the values returned to the script as a $k/$v pair 
which you then check to see if it is in itself an array.(although you ask if 
$v is an array, while I would have thought you'd ask if $k was an array). 
Once you get to the basest element you remove the slashes.

Thanks again - still waiting on my host company to get back to me - they've 
escalated the problem of not being able to turn the quotes off.  Hmmm 



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: php.ini setting

2011-10-03 Thread Richard Quadling

On 3 October 2011 14:30, Jim Giner jim.gi...@albanyhandball.com wrote:
 Thanks for the code sample - a little more complex than I've ever used.  Can
 you explain something for me?

 The first unset line - what is it doing?  If it is removing the item from
 the $process array, then how can you then reference the value ($v) in the
 very next line?  I must be missing something.

 Also - I don't see the need to be stripping slashes from the $k
 (keys/indices?) elements.  What am I missing there?

 As I said - the lines are a something new to me and I may not be
 interpreting what is going on here.  Basically I see that you are processing
 all of the arrays (GET,POST, etc) at once, doing each one in turn.  For each
 one, you then get down to the values returned to the script as a $k/$v pair
 which you then check to see if it is in itself an array.(although you ask if
 $v is an array, while I would have thought you'd ask if $k was an array).
 Once you get to the basest element you remove the slashes.

 Thanks again - still waiting on my host company to get back to me - they've
 escalated the problem of not being able to turn the quotes off.  Hmmm

?php
// Are magic quotes enabled?
if (get_magic_quotes_gpc()) {

   // Create an array of refererences to the GET, POST, COOKIE and
REQUEST super-globals.
   // Because these are references, any changes made to $process will
also be reflected
   // in the GET, POST, COOKIE and REQUEST super-globals.
   $process = array($_GET, $_POST, $_COOKIE, $_REQUEST);

   // Iterate each element in $process, creating $key and $val
   // $key is the index of $process and $val is the referenced
super-global array.
   while (list($key, $val) = each($process)) {

   // Iterate $val (the super global array), creating $k and $v
   // $k is the name of the entry in the super-global and $v is the value.
   foreach ($val as $k = $v) {

   // Remove the entry from the super-global.
   unset($process[$key][$k]);

   // Is the value an array.
   if (is_array($v)) {

   // Insert the value back into the super-global, but
strip slashes from the key.
   $process[$key][stripslashes($k)] = $v;

   // Because the value is an array, we don't want to
process it here.
   // Instead, append a reference to the value to the
$process array.
   // It will be picked up after the other super-globals
are processed by the while() line.
   $process[] = $process[$key][stripslashes($k)];
   } else {
   // As the value is not an array, insert the stripped
value back into the super-global,
   // using a stripped key.
   $process[$key][stripslashes($k)] = stripslashes($v);
   }
   }
   }

   // All done, so remove $process also.
   unset($process);
}
?




-- 
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: php.ini setting

2011-10-03 Thread Jim Giner


Richard Quadling rquadl...@gmail.com wrote in message 
news:CAKUjMCVwFos-=swewaoyxw2ukvhkwaueh6dahptycj-4wud...@mail.gmail.com...
On 3 October 2011 14:30, Jim Giner jim.gi...@albanyhandball.com wrote:
 Thanks for the code sample - a little more complex than I've ever used. 
 Can
 you explain something for me?

 The first unset line - what is it doing? If it is removing the item from
 the $process array, then how can you then reference the value ($v) in the
 very next line? I must be missing something.

 Also - I don't see the need to be stripping slashes from the $k
 (keys/indices?) elements. What am I missing there?

 As I said - the lines are a something new to me and I may not be
 interpreting what is going on here. Basically I see that you are 
 processing
 all of the arrays (GET,POST, etc) at once, doing each one in turn. For 
 each
 one, you then get down to the values returned to the script as a $k/$v 
 pair
 which you then check to see if it is in itself an array.(although you ask 
 if
 $v is an array, while I would have thought you'd ask if $k was an array).
 Once you get to the basest element you remove the slashes.


**
Thank you Richard for your effort, but I had the jist of all of this.  What 
I don't get is the points I asked about.  Can you answer the questions I 
mentioned? 



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: php.ini setting

2011-10-02 Thread Stephen


On 11-10-02 12:12 PM, Jim Giner wrote:

Spoke to quickly - still having issues.  While the .ini file in each of my
appl. folders has magic quotes set to Off, my scripts are still escaping my
input - obviously following the server's .ini file settings.  Waiting for my
hosters to get back to me.

You could refer them to:

http://php.net/manual/en/security.magicquotes.php

Indicate that magic quotes have deprecated, and ask them to turn them off.

But they will say no, because of all the other users on the server 
that you use.


In the end, you will be left with stripping the slashes on your own:


?php
if (get_magic_quotes_gpc()) {
$process = array($_GET, $_POST, $_COOKIE, $_REQUEST);
while (list($key, $val) = each($process)) {
foreach ($val as $k = $v) {
unset($process[$key][$k]);
if (is_array($v)) {
$process[$key][stripslashes($k)] = $v;
$process[] = $process[$key][stripslashes($k)];
} else {
$process[$key][stripslashes($k)] = stripslashes($v);
}
}
}
unset($process);
}
?

I know it is not the answer you are looking for, but it does work, and 
used by thousands of coders.


Stephen


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: php.ini setting

Re: [PHP] Re: php.ini setting

Re: [PHP] Re: php.ini setting

[PHP] Re: php.ini setting

4 matches

Site Navigation

Mail list logo

Footer information