FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Magic quotes? Should I still be cautious?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Magic quotes? Should I still be cautious? [message #176415 is a reply to message #176414] Thu, 05 January 2012 13:36 Go to previous messageGo to previous message
The Natural Philosoph is currently offline  The Natural Philosoph
Messages: 993
Registered: September 2010
Karma:
Senior Member
Arno Welzel wrote:
> Erwin Moller, 2012-01-05 14:08:
>
>> On 1/4/2012 3:55 PM, Arno Welzel wrote:
>>> Michael Joel, 2011-12-29 21:55:
>>>
>>>> I do not have control of my server (shared server).
>>>>
>>>> echo get_magic_quotes_gpc(); returns True.
>>>> Should I still be cautious and use addslashes/stripslashes in case the
>>>> hosting company ever decides to change the settings?
>>> I assume magic quotes to be disabled and in the past i used the
>>> following code fragment to be safe:
>>>
>>> <http://arnowelzel.de/wiki/en/web/php_magicquotes>
>>>
>>>
>> Hi Arnold,
>
> Just Arno - not Arnold ;-)
>
>
>> That is a lot of overhead on each request.
>
> I know - and this is only meant to be a workaround for existing code
> which can not be easily adopted to handle Magic Quotes and the PHP
> configuration can not be changed.
>
>> And $_REQUEST should be avoided anyway in all situation (in my humble
>> opinion) for various reasons. But if you use it, it should indeed be
>> added to your list in your approach.
>
> I'm not sure, if it's enough to modify $_GET, $_POST etc. if further
> parts of a script use $_REQUEST - therefore i added $_REQUEST to be sure.
>
>
I am interested in this, because in general I leave magic quotes on
because some old code relies on it on some of my sites..


Is this comment still true? - its from the PHP manual

"I have discovered that my host doesn't like either of the following
directives in the .htaccess file:

php_flag magic_quotes_gpc Off
php_value magic_quotes_gpc Off

However, there is another way to disable this setting even if you don't
have access to the server configuration - you can put a php.ini file in
the directory where your scripts are with the directive:

magic_quotes_gpc = Off

However, these does not propogate unlike .htaccess rules, so if you
launch from a sub-directory, you need the php.ini file in each directory
you have as script entry points."


If so it, gives another option to override server defaults.
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Lilupophilupop
Next Topic: [WSP] CALL FOR PAPERS [FREE]
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Nov 24 23:01:50 GMT 2024

Total time taken to generate the page: 0.04198 seconds