FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Re: Magic quotes? Should I still be cautious? [message #176416 is a reply to message #176414] Thu, 05 January 2012 13:39
Erwin Moller
On 1/5/2012 2:22 PM, Arno Welzel wrote:
> Erwin Moller, 2012-01-05 14:08:
>
>> On 1/4/2012 3:55 PM, Arno Welzel wrote:
>>> Michael Joel, 2011-12-29 21:55:
>>>
>>>> I do not have control of my server (shared server).
>>>>
>>>> echo get_magic_quotes_gpc(); returns True.
>>>> Should I still be cautious and use addslashes/stripslashes in case the
>>>> hosting company ever decides to change the settings?
>>>
>>> I assume magic quotes to be disabled and in the past I used the
>>> following code fragment to be safe:
>>>
>>> <http://arnowelzel.de/wiki/en/web/php_magicquotes>
>>>
>>>
>>
>> Hi Arnold,
>
> Just Arno - not Arnold ;-)

Excuse me, Arno. :-)

I say a lot of Arnold lately since I go to sport school for the first
time in my life. I do this with a friend (who is also a fat programmer
like me) and we call each other Arnold when we are training muscles and
stuff. ;-)
Slip of the tongue, my bad.


>
>> That is a lot of overhead on each request.
>
> I know - and this is only meant to be a workaround for existing code
> which can not be easily adapted to handle Magic Quotes and the PHP
> configuration can not be changed.
>
>> And $_REQUEST should be avoided anyway in all situations (in my humble
>> opinion) for various reasons. But if you use it, it should indeed be
>> added to your list in your approach.
>
> I'm not sure if it's enough to modify $_GET, $_POST etc. if further
> parts of a script use $_REQUEST - therefore I added $_REQUEST to be sure.
>

I wondered the same thing, actually.
So here is a little test:

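<?php
// Test: does $_REQUEST follow later changes to $_GET, or is it a separate copy?
if (isset($_GET["n"])) {
    // The values come straight from the URL, so escape them before echoing.
    $nget = htmlspecialchars($_GET["n"]);
    $nrequest = htmlspecialchars($_REQUEST["n"]);
    echo "Before:<br>\$nget=$nget<br>\$nrequest=$nrequest<br>";

    // Overwrite the $_GET entry only, then read both arrays again.
    $_GET["n"] = "something else";
    $nget = htmlspecialchars($_GET["n"]);
    $nrequest = htmlspecialchars($_REQUEST["n"]);
    echo "After:<br>\$nget=$nget<br>\$nrequest=$nrequest<br>";
} else {
    echo "use test.php?n=whatever in the url.";
}
?>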

When I feed that prog "hi", like this:
http://localhost/test.php?n=hi
It responds with:

Before:
$nget=hi
$nrequest=hi
After:
$nget=something else
$nrequest=hi

Conclusion? $_REQUEST is filled for real, and it doesn't fetch the
information afterwards from GPC, which was indeed also possible.

Regards,
Erwin Moller

--
"That which can be asserted without evidence, can be dismissed without
evidence."
-- Christopher Hitchens
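
Added example, not part of the post above and not the code from Arno Welzel's linked page: a sketch of a magic-quotes workaround that follows from the test result, cleaning $_REQUEST separately because it is its own copy. The helper name undo_magic_quotes() is hypothetical and the sample values are constructed.

```php
<?php
// Added example, not code from the thread.
// undo_magic_quotes() is a hypothetical helper name.

// Recursively undo the escaping that magic_quotes_gpc applied to values.
// Array keys are left as they are in this example.
function undo_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('undo_magic_quotes', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// Real use: run once, before any other code reads the input.
// get_magic_quotes_gpc() was removed in PHP 8.0, hence the function_exists() guard;
// the @ silences the deprecation notice PHP 7.4 emits for the call.
if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
    $_GET    = undo_magic_quotes($_GET);
    $_POST   = undo_magic_quotes($_POST);
    $_COOKIE = undo_magic_quotes($_COOKIE);
    // $_REQUEST is a separate copy, so cleaning the three arrays above
    // does not change it; it has to be cleaned as well.
    $_REQUEST = undo_magic_quotes($_REQUEST);
}

// Demonstration with constructed data: the arrays as they would look with
// magic quotes switched on for ?name=O'Brien&tags[]=a"b
$get     = array('name' => "O\\'Brien", 'tags' => array('a\\"b'));
$request = $get;                      // separate copy, like $_REQUEST

$get = undo_magic_quotes($get);       // clean only the GET copy
echo "get:     ", $get['name'], "\n";
echo "request: ", $request['name'], " (untouched copy)\n";

$request = undo_magic_quotes($request);
echo "request: ", $request['name'], " (after its own pass)\n";
var_dump($request === $get);          // both copies now hold the same values
```

Undoing magic quotes only restores the raw input; values still need context-specific handling (parameterized queries for SQL, htmlspecialchars() for HTML output) wherever they are used.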