Re: Magic quotes? Should I still be cautious? [message #176413 is a reply to message #176412] Thu, 05 January 2012 13:08
Erwin Moller
On 1/4/2012 3:55 PM, Arno Welzel wrote:
> Michael Joel, 2011-12-29 21:55:
>
>> I do not have control of my server (shared server).
>>
>> echo get_magic_quotes_gpc(); returns True.
>> Should I still be cautious and use addslashes/stripslashes in case the
>> hosting company ever decides to change the settings?
>
> I assume magic quotes to be disabled and in the past I used the
> following code fragment to be safe:
>
> <http://arnowelzel.de/wiki/en/web/php_magicquotes>
>
>

Hi Arnold,

That is a lot of overhead on each request.
It loops over all superglobals and calls stripslashes on each of them
(in case magic_quotes is on).
You also do this for $_ENV and $_SERVER which seems strange to me
because magic_quotes only affects cookie/post/get.

magic_quotes_gpc Affects HTTP Request data (GET, POST, and COOKIE).
source: http://nl3.php.net/manual/en/security.magicquotes.what.php

And $_REQUEST should be avoided anyway in all situations (in my humble
opinion) for various reasons. But if you use it, it should indeed be
added to your list in your approach.

Regards,
Erwin Moller


Your code:
===========================================
// Turn off magic_quotes_runtime.
ini_set('magic_quotes_runtime', 0);

// Undo the automatic escaping only when magic_quotes_gpc is enabled.
if(get_magic_quotes_gpc())
{
    $superglobals=array(
        "_REQUEST",
        "_GET",
        "_POST",
        "_COOKIE",
        "_ENV",
        "_SERVER");

    foreach($superglobals as $globalname)
    {
        foreach($GLOBALS[$globalname] as $name => $value)
        {
            // Nested arrays are skipped; only non-array values are unescaped.
            if(!is_array($value))
            {
                $GLOBALS[$globalname][$name] = stripslashes($value);
            }
        }
    }
    unset($superglobals);
}
===========================================



--
"That which can be asserted without evidence, can be dismissed without
evidence."
-- Christopher Hitchens
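
An added example, not part of the original post or of the code it quotes: one way to restrict the clean-up to the request data that magic_quotes_gpc touches (GET, POST, COOKIE), as the reply suggests. It goes one step further than the quoted fragment by recursing into nested arrays. The helper name `strip_gpc_slashes` and the sample input are assumptions made for illustration.

```php
<?php
// Added example; strip_gpc_slashes() is a hypothetical helper name.

/**
 * Recursively undo magic_quotes_gpc escaping on one request array.
 * Nested arrays (for example a form field named item[]) are walked too.
 */
function strip_gpc_slashes(array $data)
{
    foreach ($data as $key => $value) {
        $data[$key] = is_array($value)
            ? strip_gpc_slashes($value)
            : stripslashes((string) $value);
    }
    return $data;
}

// get_magic_quotes_gpc() was removed in PHP 8.0, so test for it before calling.
// The @ hides the deprecation notice that PHP 7.4 raises for this call.
$magicQuotesOn = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();

if ($magicQuotesOn) {
    // Only GET, POST and COOKIE data is escaped; $_ENV and $_SERVER are left alone.
    $_GET    = strip_gpc_slashes($_GET);
    $_POST   = strip_gpc_slashes($_POST);
    $_COOKIE = strip_gpc_slashes($_COOKIE);
    // $_REQUEST holds its own copy of that data; include it only if the
    // application actually reads from it.
    $_REQUEST = strip_gpc_slashes($_REQUEST);
}

// Constructed sample input, shaped the way magic_quotes_gpc would deliver it.
$sample = array('name' => 'O\\\'Reilly', 'tags' => array('a\\"b'));
var_dump(strip_gpc_slashes($sample));
```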