FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Magic quotes? Should I still be cautious?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Magic quotes? Should I still be cautious? [message #176418 is a reply to message #176417] Thu, 05 January 2012 15:49 Go to previous messageGo to previous message
The Natural Philosoph is currently offline  The Natural Philosoph
Messages: 993
Registered: September 2010
Karma:
Senior Member
Erwin Moller wrote:
> On 1/5/2012 2:36 PM, The Natural Philosopher wrote:
>> Arno Welzel wrote:
>>> Erwin Moller, 2012-01-05 14:08:
>>>
>>>> On 1/4/2012 3:55 PM, Arno Welzel wrote:
>>>> > Michael Joel, 2011-12-29 21:55:
>>>> >
>>>> >> I do not have control of my server (shared server).
>>>> >>
>>>> >> echo get_magic_quotes_gpc(); returns True.
>>>> >> Should I still be cautious and use addslashes/stripslashes in case
>>>> >> the
>>>> >> hosting company ever decides to change the settings?
>>>> > I assume magic quotes to be disabled and in the past i used the
>>>> > following code fragment to be safe:
>>>> >
>>>> > <http://arnowelzel.de/wiki/en/web/php_magicquotes>
>>>> >
>>>> >
>>>> Hi Arnold,
>>>
>>> Just Arno - not Arnold ;-)
>>>
>>>
>>>> That is a lot of overhead on each request.
>>>
>>> I know - and this is only meant to be a workaround for existing code
>>> which can not be easily adopted to handle Magic Quotes and the PHP
>>> configuration can not be changed.
>>>
>>>> And $_REQUEST should be avoided anyway in all situation (in my humble
>>>> opinion) for various reasons. But if you use it, it should indeed be
>>>> added to your list in your approach.
>>>
>>> I'm not sure, if it's enough to modify $_GET, $_POST etc. if further
>>> parts of a script use $_REQUEST - therefore i added $_REQUEST to be
>>> sure.
>>>
>>>
>> I am interested in this, because in general I leave magic quotes on
>> because some old code relies on it on some of my sites..
>
> Hi NP,
>
> I feel your pain. I am in the same situation. :-(
> (I have an old PHP4.3 machine under my control with magic_quotes on.)
>
>
>>
>>
>> Is this comment still true? - its from the PHP manual
>>
>> "I have discovered that my host doesn't like either of the following
>> directives in the .htaccess file:
>>
>> php_flag magic_quotes_gpc Off
>> php_value magic_quotes_gpc Off
>>
>> However, there is another way to disable this setting even if you don't
>> have access to the server configuration - you can put a php.ini file in
>> the directory where your scripts are with the directive:
>>
>> magic_quotes_gpc = Off
>>
>> However, these does not propogate unlike .htaccess rules, so if you
>> launch from a sub-directory, you need the php.ini file in each directory
>> you have as script entry points."
>>
>>
>> If so it, gives another option to override server defaults.
>
> I wouldn't bet on that trick to work everywhere.
> It seems to me that depends on the way PHP and/or Apache is set up.
>

well that on my new cheap virtual server is entirely UP TO ME!!

I cannot believe how little it costs, either. <$200 a year (about £160
uk IIRC)

I am limited on RAM and disk space, and total byte transfers but CPU
power is - massive. As is network speed.

Its all RAIDED..

And a quick rsync backs it up on the server here every night..in case.


Best of all with my admin center here on a fixed IP address, I can set
the firewall to let ME have unlimited access to it.

I actually NFS mount the web sites when I am working on them and edit
the files directly if I feel lucky. No more FTP uploads.

The cherry on the cake was putting a pass through for its IP address
into my admin network here and setting up a print queue that prints
directly to the printer on my desk!

Apart from a slight speed issue saving files, it's like it was a machine
here in the office.

(except when the power went out last night, it stayed up)

If you have more than a few websites its well worth doing this I feel.


> Much safer is simply wrap a simple function around $_POST["whatever"]
> that tests for the real situation.
> Or use Arno's trick, which is a little heavier on the server because it
> strips more than needed.
> The advantage of Arno's approach is of course that you don't have to
> adjust existing code: you can simply enforce magic_quotes or shut them
> down.
>
> I do prefer a wrapperfunction. That way you have no server dependencies
> in your PHP code.
> Well, at least not for magic_quotes that is. ;-)
>
> Regards,
> Erwin Moller
>
>
IF I was stick with a server setup that meant I had no other choice, I
would.

My situation is different however. I am looking for the simplest way to
make it a per site option, and not a global one.

Given its my server to do what I like with..
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Lilupophilupop
Next Topic: [WSP] CALL FOR PAPERS [FREE]
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Nov 24 23:06:17 GMT 2024

Total time taken to generate the page: 0.04797 seconds