FUDforum: comp.lang.php » Magic quotes? Should I still be cautious?

Home » Imported messages » comp.lang.php » Magic quotes? Should I still be cautious?

Show: Today's Messages :: Polls :: Message Navigator

Re: Magic quotes? Should I still be cautious? [message #176397 is a reply to message #176395]

Fri, 30 December 2011 14:52

Michael Joel
Messages: 42
Registered: October 2011

Karma:

Member

On Fri, 30 Dec 2011 14:42:43 +0100, Erwin Moller
<Since_humans_read_this_I_am_spammed_too_much(at)spamyourself(dot)com> wrote:

> On 12/29/2011 9:55 PM, Michael Joel wrote:
>> I do not have control of my server (shared server).
>>
>> echo get_magic_quotes_gpc(); returns True.
>> Should I still be cautious and use addslashes/stripslashes in case the
>> hosting company ever decides to change the settings?
>>
>> Thanks
>> Mike
>
> Hi Mike,
>
> To sum up all the responses so far:
> 1) Avoid all use of magic_quotes in your code. Do not rely on it.
> 2) If you want your programs to be prepared for magic_quotes, as in
> older shared hosting environments like yours, write a small function to
> wrap the test in, like:
>
> function getRawGPCValue($someGPCStr){
> if (get_magic_quotes_gpc() === 1){
> return stripslashes($someGPCStr);
> } else {
> return $someGPCStr;
> }
> }
>
> And then when you need a value from $_POST, simply do:
> $firstName = getRawGPCValue($_POST("firstname"));
>
> You might want to use a shorter functionname. ;-)
>
>
> 3) When you need to use the value from sources like GPC, simply do the
> right thing with the *raw* data.
>
> For example:
> a) When you expect an integer, don't mind the escaping, simply cast it
> to integer:
> $userid = (int)$_POST["userid"];
> (You might want to add additional checks of course, like rnage of the
> number, if $_POST["userid"] is set at all, etc.)
>
> b) When you want to output it to HTML:
> $firstName = getRawGPCValue($_POST("firstname"));
> echo htmlentities($firstName);
> For more details like charset/encoding read here:
> http://nl3.php.net/manual/en/function.htmlentities.php
>
> c) When you want to insert characterdata into your database:
> Use the right escape function suitable for your database, or use
> something like PDO.
> eg: mysql_real_escape_string() for mysql
> pg_escape_literal() for Postgres.
> etc.
>
> d) When using in an URL, url encode the raw data.
>
>
> etc. etc. etc.
>
>
> Bottomline: Make sure you have the raw (real) data, and use the
> appropriate approach before using.
> There is no "magic" solution that solves all possible situations,
> despite names like "magic_quotes".
> Escaping of strings works differently for URLs, HTML, databaseX, databaseY,
>
> Tip:
> When the encoding of some string is different than for example the
> receiving database, have a look at iconv. It saved me a few headaches.
> http://nl3.php.net/manual/en/function.iconv.php
>
> Good luck!
>
> regards,
> Erwin Moller

Thanks - and thanks all.
This is a lot of information. I plan to go back and adjust the code to
comply better.

Thanks again
Mike

Report message to a moderator

[Message index]

		Magic quotes? Should I still be cautious? By: Michael Joel on Thu, 29 December 2011 20:55
		Re: Magic quotes? Should I still be cautious? By: Michael Fesser on Thu, 29 December 2011 21:04
		Re: Magic quotes? Should I still be cautious? By: Michael Joel on Thu, 29 December 2011 21:53
		Re: Magic quotes? Should I still be cautious? By: Michael Joel on Thu, 29 December 2011 22:08
		Re: Magic quotes? Should I still be cautious? By: Thomas Mlynarczyk on Thu, 29 December 2011 22:22
		Re: Magic quotes? Should I still be cautious? By: Peter H. Coffin on Thu, 29 December 2011 23:53
		Re: Magic quotes? Should I still be cautious? By: Michael Joel on Fri, 30 December 2011 04:32
		Re: Magic quotes? Should I still be cautious? By: Erwin Moller on Fri, 30 December 2011 11:38
		Re: Magic quotes? Should I still be cautious? By: Michael Joel on Fri, 30 December 2011 14:52
		Re: Magic quotes? Should I still be cautious? By: Erwin Moller on Mon, 02 January 2012 14:02
		Re: Magic quotes? Should I still be cautious? By: Michael Fesser on Fri, 30 December 2011 12:18
		Re: Magic quotes? Should I still be cautious? By: alvaro.NOSPAMTHANX on Fri, 30 December 2011 09:26
		Re: Magic quotes? Should I still be cautious? By: Erwin Moller on Fri, 30 December 2011 13:42
		Re: Magic quotes? Should I still be cautious? By: Michael Joel on Fri, 30 December 2011 14:52
		Re: Magic quotes? Should I still be cautious? By: Arno Welzel on Wed, 04 January 2012 14:55
		Re: Magic quotes? Should I still be cautious? By: Erwin Moller on Thu, 05 January 2012 13:08
		Re: Magic quotes? Should I still be cautious? By: Arno Welzel on Thu, 05 January 2012 13:22
		Re: Magic quotes? Should I still be cautious? By: The Natural Philosoph on Thu, 05 January 2012 13:36
		Re: Magic quotes? Should I still be cautious? By: Erwin Moller on Thu, 05 January 2012 14:20
		Re: Magic quotes? Should I still be cautious? By: The Natural Philosoph on Thu, 05 January 2012 15:49
		Re: Magic quotes? Should I still be cautious? By: Erwin Moller on Thu, 05 January 2012 13:39
		Re: Magic quotes? Should I still be cautious? By: M. Strobel on Thu, 05 January 2012 23:28
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Fri, 06 January 2012 00:36
		Re: Magic quotes? Should I still be cautious? By: Erwin Moller on Fri, 06 January 2012 10:16
		Re: Magic quotes? Should I still be cautious? By: Thomas Mlynarczyk on Fri, 06 January 2012 11:05
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Fri, 06 January 2012 13:32
		Re: Magic quotes? Should I still be cautious? By: M. Strobel on Fri, 06 January 2012 17:18
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Fri, 06 January 2012 18:04
		Re: Magic quotes? Should I still be cautious? By: Arno Welzel on Sun, 08 January 2012 19:48
		Re: Magic quotes? Should I still be cautious? By: Thomas Mlynarczyk on Fri, 06 January 2012 19:14
		Re: Magic quotes? Should I still be cautious? By: M. Strobel on Fri, 06 January 2012 19:24
		Re: Magic quotes? Should I still be cautious? By: The Natural Philosoph on Fri, 06 January 2012 19:34
		Re: Magic quotes? Should I still be cautious? By: M. Strobel on Fri, 06 January 2012 20:11
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Fri, 06 January 2012 23:12
		Re: Magic quotes? Should I still be cautious? By: Thomas Mlynarczyk on Sat, 07 January 2012 16:59
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Sat, 07 January 2012 20:54
		Re: Magic quotes? Should I still be cautious? By: Thomas Mlynarczyk on Sun, 08 January 2012 01:13
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Sun, 08 January 2012 01:33
		Re: Magic quotes? Should I still be cautious? By: Thomas Mlynarczyk on Sun, 08 January 2012 23:21
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Mon, 09 January 2012 00:05
		Re: Magic quotes? Should I still be cautious? By: Arno Welzel on Sun, 08 January 2012 19:52
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Sun, 08 January 2012 20:59
		Re: Magic quotes? Should I still be cautious? By: Arno Welzel on Wed, 11 January 2012 10:00
		Re: Magic quotes? Should I still be cautious? By: The Natural Philosoph on Wed, 11 January 2012 11:53
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Wed, 11 January 2012 13:45
		Re: Magic quotes? Should I still be cautious? By: Arno Welzel on Wed, 11 January 2012 14:43
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Wed, 11 January 2012 13:44
		Re: Magic quotes? Should I still be cautious? By: Arno Welzel on Wed, 11 January 2012 14:47
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Wed, 11 January 2012 14:51
		Re: Magic quotes? Should I still be cautious? By: Arno Welzel on Wed, 11 January 2012 17:09
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Wed, 11 January 2012 19:01
		Re: Magic quotes? Should I still be cautious? By: Arno Welzel on Thu, 12 January 2012 07:58
		Re: Magic quotes? Should I still be cautious? By: M. Strobel on Fri, 06 January 2012 16:41
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Fri, 06 January 2012 18:05
		Re: Magic quotes? Should I still be cautious? By: Erwin Moller on Fri, 06 January 2012 10:07
		Re: Magic quotes? Should I still be cautious? By: M. Strobel on Fri, 06 January 2012 17:05
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Fri, 06 January 2012 18:07
		Re: Magic quotes? Should I still be cautious? By: M. Strobel on Fri, 06 January 2012 18:45
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Fri, 06 January 2012 23:09
		Re: Magic quotes? Should I still be cautious? By: Thomas Mlynarczyk on Sat, 07 January 2012 17:08
		Re: Magic quotes? Should I still be cautious? By: Jerry Stuckle on Sat, 07 January 2012 20:59

Previous Topic:	Lilupophilupop
Next Topic:	[WSP] CALL FOR PAPERS [FREE]

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Wed Jun 26 17:23:23 GMT 2024

Total time taken to generate the page: 0.03801 seconds