If magic_quotes_gpc is on, will I still need to use stripslashes()? If not, why? If so, when and where?

+3  A: 

gpc in magic_quotes_gpc stands for GET, POST, COOKIE. So everything in $_GET, $_POST and $_COOKIE got escaped. If magic_quotes_gpc is turned on, you should run stripslashes on variables in those arrays.

Remember to run mysql_real_escape_string() on variables in queries (except for prepared statements).

magic_quotes are deprecated; it's recommended to disable them and escape variables using mysql_real_escape_string() (for MySQL). Put the following in a .htaccess file to disable magic_quotes_gpc:

php_flag magic_quotes_gpc off
php_flag magic_quotes_runtime off
Lekensteyn
A: 

Not "still" but that's the only case when you will need this function.

In the configuration file which is being included in all your scripts. Strip slashes from all GPC data.

Col. Shrapnel
A: 

A very good practice is to use mysql_real_escape_string(); I advise you to turn off magic_quotes. In PHP 6 magic quotes will be off. If your host doesn't give you access to change this option, you can use the following function:

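// Recursively strip slashes from a string or a (nested) array.
function stripslashes_deep($value) {
    $value = is_array($value) ?
                array_map('stripslashes_deep', $value) :
                stripslashes($value);

    return $value;
}

// Only undo the escaping when magic quotes actually altered the request data.
if ((function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc())
    || (ini_get('magic_quotes_sybase') && (strtolower(ini_get('magic_quotes_sybase')) != "off"))) {
    // stripslashes_deep() returns the cleaned copy, so assign it back.
    $_GET    = stripslashes_deep($_GET);
    $_POST   = stripslashes_deep($_POST);
    $_COOKIE = stripslashes_deep($_COOKIE);
}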
Alexander.Plutov
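
Added example, not part of the answers above: it shows why magic-quoted input has to be normalised before it reaches a query, by binding the same value to a prepared statement with and without stripslashes_deep(). The sample data, the `people` table and the use of PDO with in-memory SQLite (instead of MySQL, so it runs offline) are assumptions made for the illustration.

```php
<?php
// Added example. Assumes PHP with the pdo_sqlite extension enabled.

// Recursively undo magic-quotes escaping on a string or nested array.
function stripslashes_deep($value) {
    return is_array($value)
        ? array_map('stripslashes_deep', $value)
        : stripslashes($value);
}

// Constructed sample input: what the user actually typed.
$raw = array('name' => "O'Reilly", 'tags' => array('a"b', 'c\\d'));

// addslashes() reproduces what magic_quotes_gpc did to GET/POST/COOKIE data.
$gpc = array(
    'name' => addslashes($raw['name']),
    'tags' => array_map('addslashes', $raw['tags']),
);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT)');
$insert = $db->prepare('INSERT INTO people (name) VALUES (:name)');

// Row 1: magic-quoted value bound as-is. A bound parameter is never
// unescaped by the driver, so the extra backslash is stored as data.
$insert->execute(array(':name' => $gpc['name']));

// Row 2: normalise the whole input array first, then bind.
$clean = stripslashes_deep($gpc);
$insert->execute(array(':name' => $clean['name']));

// Print both stored values so the corruption in row 1 is visible.
foreach ($db->query('SELECT id, name FROM people ORDER BY id') as $row) {
    echo $row['id'], ': ', $row['name'], PHP_EOL;
}

// The normalised array, nested values included, equals the original input.
var_dump($clean === $raw);
```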