FUDforum: comp.lang.php » Magic quotes? Should I still be cautious?

Home » Imported messages » comp.lang.php » Magic quotes? Should I still be cautious?

Show: Today's Messages :: Polls :: Message Navigator

Re: Magic quotes? Should I still be cautious? [message #176417 is a reply to message #176415]

Thu, 05 January 2012 14:20

Erwin Moller
Messages: 228
Registered: September 2010

Karma:

Senior Member

On 1/5/2012 2:36 PM, The Natural Philosopher wrote:
> Arno Welzel wrote:
>> Erwin Moller, 2012-01-05 14:08:
>>
>>> On 1/4/2012 3:55 PM, Arno Welzel wrote:
>>>> Michael Joel, 2011-12-29 21:55:
>>>>
>>>> > I do not have control of my server (shared server).
>>>> >
>>>> > echo get_magic_quotes_gpc(); returns True.
>>>> > Should I still be cautious and use addslashes/stripslashes in case the
>>>> > hosting company ever decides to change the settings?
>>>> I assume magic quotes to be disabled and in the past i used the
>>>> following code fragment to be safe:
>>>>
>>>> <http://arnowelzel.de/wiki/en/web/php_magicquotes>
>>>>
>>>>
>>> Hi Arnold,
>>
>> Just Arno - not Arnold ;-)
>>
>>
>>> That is a lot of overhead on each request.
>>
>> I know - and this is only meant to be a workaround for existing code
>> which can not be easily adopted to handle Magic Quotes and the PHP
>> configuration can not be changed.
>>
>>> And $_REQUEST should be avoided anyway in all situation (in my humble
>>> opinion) for various reasons. But if you use it, it should indeed be
>>> added to your list in your approach.
>>
>> I'm not sure, if it's enough to modify $_GET, $_POST etc. if further
>> parts of a script use $_REQUEST - therefore i added $_REQUEST to be sure.
>>
>>
> I am interested in this, because in general I leave magic quotes on
> because some old code relies on it on some of my sites..

Hi NP,

I feel your pain. I am in the same situation. :-(
(I have an old PHP4.3 machine under my control with magic_quotes on.)

>
>
> Is this comment still true? - its from the PHP manual
>
> "I have discovered that my host doesn't like either of the following
> directives in the .htaccess file:
>
> php_flag magic_quotes_gpc Off
> php_value magic_quotes_gpc Off
>
> However, there is another way to disable this setting even if you don't
> have access to the server configuration - you can put a php.ini file in
> the directory where your scripts are with the directive:
>
> magic_quotes_gpc = Off
>
> However, these does not propogate unlike .htaccess rules, so if you
> launch from a sub-directory, you need the php.ini file in each directory
> you have as script entry points."
>
>
> If so it, gives another option to override server defaults.

I wouldn't bet on that trick to work everywhere.
It seems to me that depends on the way PHP and/or Apache is set up.

Much safer is simply wrap a simple function around $_POST["whatever"]
that tests for the real situation.
Or use Arno's trick, which is a little heavier on the server because it
strips more than needed.
The advantage of Arno's approach is of course that you don't have to
adjust existing code: you can simply enforce magic_quotes or shut them down.

I do prefer a wrapperfunction. That way you have no server dependencies
in your PHP code.
Well, at least not for magic_quotes that is. ;-)

Regards,
Erwin Moller

--
"That which can be asserted without evidence, can be dismissed without
evidence."
-- Christopher Hitchens

Report message to a moderator

[Message index]

		Magic quotes? Should I still be cautious? By: Michael Joel on Thu, 29 December 2011 20:55
		Re: Magic quotes? Should I still be cautious? By: Michael Fesser on Thu, 29 December 2011 21:04
		Re: Magic quotes? Should I still be cautious? By: Michael Joel on Thu, 29 December 2011 21:53
		Re: Magic quotes? Should I still be cautious? By: Michael Joel on Thu, 29 December 2011 22:08
		Re: Magic quotes? Should I still be cautious? By: Thomas Mlynarczyk on Thu, 29 December 2011 22:22
		Re: Magic quotes? Should I still be cautious? By: Peter H. Coffin on Thu, 29 December 2011 23:53
		Re: Magic quotes? Should I still be cautious? By: Michael Joel on Fri, 30 December 2011 04:32
		Re: Magic quotes? Should I still be cautious? By: Erwin Moller on Fri, 30 December 2011 11:38
		Re: Magic quotes? Should I still be cautious? By: Michael Joel on Fri, 30 December 2011 14:52
		Re: Magic quotes? Should I still be cautious? By: Erwin Moller on Mon, 02 January 2012 14:02
		Re: Magic quotes? Should I still be cautious? By: Michael Fesser on Fri, 30 December 2011 12:18
		Re: Magic quotes? Should I still be cautious? By: alvaro.NOSPAMTHANX on Fri, 30 December 2011 09:26
		Re: Magic quotes? Should I still be cautious? By: Erwin Moller on Fri, 30 December 2011 13:42
		Re: Magic quotes? Should I still be cautious? By: Michael Joel on Fri, 30 December 2011 14:52
		Re: Magic quotes? Should I still be cautious? By: Arno Welzel on Wed, 04 January 2012 14:55
		Re: Magic quotes? Should I still be cautious? By: Erwin Moller on Thu, 05 January 2012 13:08
		Re: Magic quotes? Should I still be cautious? By: Arno Welzel on Thu, 05 January 2012 13:22
		Re: Magic quotes? Should I still be cautious? By: The Natural Philosoph on Thu, 05 January 2012 13:36
		Re: Magic quotes? Should I still be cautious? By: Erwin Moller on Thu, 05 January 2012 14:20
		Re: Magic quotes? Should I still be cautious? By: The Natural Philosoph on Thu, 05 January 2012 15:49
		Re: Magic quotes? Should I still be cautious? By: Erwin Moller on Thu, 05 January 2012 13:39
		Re: Magic quotes? Should I still be cautious? By: M. Strobel on Thu, 05 January 2012 23:28
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Fri, 06 January 2012 00:36
		Re: Magic quotes? Should I still be cautious? By: Erwin Moller on Fri, 06 January 2012 10:16
		Re: Magic quotes? Should I still be cautious? By: Thomas Mlynarczyk on Fri, 06 January 2012 11:05
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Fri, 06 January 2012 13:32
		Re: Magic quotes? Should I still be cautious? By: M. Strobel on Fri, 06 January 2012 17:18
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Fri, 06 January 2012 18:04
		Re: Magic quotes? Should I still be cautious? By: Arno Welzel on Sun, 08 January 2012 19:48
		Re: Magic quotes? Should I still be cautious? By: Thomas Mlynarczyk on Fri, 06 January 2012 19:14
		Re: Magic quotes? Should I still be cautious? By: M. Strobel on Fri, 06 January 2012 19:24
		Re: Magic quotes? Should I still be cautious? By: The Natural Philosoph on Fri, 06 January 2012 19:34
		Re: Magic quotes? Should I still be cautious? By: M. Strobel on Fri, 06 January 2012 20:11
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Fri, 06 January 2012 23:12
		Re: Magic quotes? Should I still be cautious? By: Thomas Mlynarczyk on Sat, 07 January 2012 16:59
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Sat, 07 January 2012 20:54
		Re: Magic quotes? Should I still be cautious? By: Thomas Mlynarczyk on Sun, 08 January 2012 01:13
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Sun, 08 January 2012 01:33
		Re: Magic quotes? Should I still be cautious? By: Thomas Mlynarczyk on Sun, 08 January 2012 23:21
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Mon, 09 January 2012 00:05
		Re: Magic quotes? Should I still be cautious? By: Arno Welzel on Sun, 08 January 2012 19:52
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Sun, 08 January 2012 20:59
		Re: Magic quotes? Should I still be cautious? By: Arno Welzel on Wed, 11 January 2012 10:00
		Re: Magic quotes? Should I still be cautious? By: The Natural Philosoph on Wed, 11 January 2012 11:53
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Wed, 11 January 2012 13:45
		Re: Magic quotes? Should I still be cautious? By: Arno Welzel on Wed, 11 January 2012 14:43
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Wed, 11 January 2012 13:44
		Re: Magic quotes? Should I still be cautious? By: Arno Welzel on Wed, 11 January 2012 14:47
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Wed, 11 January 2012 14:51
		Re: Magic quotes? Should I still be cautious? By: Arno Welzel on Wed, 11 January 2012 17:09
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Wed, 11 January 2012 19:01
		Re: Magic quotes? Should I still be cautious? By: Arno Welzel on Thu, 12 January 2012 07:58
		Re: Magic quotes? Should I still be cautious? By: M. Strobel on Fri, 06 January 2012 16:41
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Fri, 06 January 2012 18:05
		Re: Magic quotes? Should I still be cautious? By: Erwin Moller on Fri, 06 January 2012 10:07
		Re: Magic quotes? Should I still be cautious? By: M. Strobel on Fri, 06 January 2012 17:05
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Fri, 06 January 2012 18:07
		Re: Magic quotes? Should I still be cautious? By: M. Strobel on Fri, 06 January 2012 18:45
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Fri, 06 January 2012 23:09
		Re: Magic quotes? Should I still be cautious? By: Thomas Mlynarczyk on Sat, 07 January 2012 17:08
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Sat, 07 January 2012 20:59

Previous Topic:	Lilupophilupop
Next Topic:	[WSP] CALL FOR PAPERS [FREE]

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Sat Jun 29 10:50:55 GMT 2024

Total time taken to generate the page: 0.04803 seconds