magic-quotes-gpc | 易学教程

When does filter_input() remove slashes of POST variables?

阅读更多关于 When does filter_input() remove slashes of POST variables?

问题 I created a small PHP-script, that runs on a server with PHP 5.2.17 and the magic_quotes_gpc directive enabled. I have no write-access to the php.ini file, and I'd like to remove all slashes from user inputs. This should work even if the magic_quotes_gpc directive is turned off (for example when moving the scripts to another server). It should also work recursively when arrays are submitted by the user. I prefer using a built in-function. <html> <head> <title>HP</title> </head> <body> <form

Which superglobals are affected by magic_quotes_gpc = 1?

阅读更多关于 Which superglobals are affected by magic_quotes_gpc = 1?

问题 By looking at the name of this directive one may think that magic_quotes are only applied to $_GET , $_POST and $_COOKIE superglobals but there is one perturbing comment on the PHP Manual: Please note, that when magic_quotes_gpc is set not only $_POST , $_GET , $_REQUEST , $_COOKIE arrays values are slashed. Actually every string value in $GLOBALS array is slashed, ie. $GLOBALS['_SERVER']['PATH_INFO'] (or $_SERVER['PATH_INFO'] ). Can anyone confirm that this is true? Are the superglobals

Which superglobals are affected by magic_quotes_gpc = 1?

阅读更多关于 Which superglobals are affected by magic_quotes_gpc = 1?

Using get_magic_quotes_gpc on PHP Version 5.2.14 or equivalent for PHP Version 6

阅读更多关于 Using get_magic_quotes_gpc on PHP Version 5.2.14 or equivalent for PHP Version 6

问题 Our site is using PHP Version 5.2.14 Lately our hoster probably changed magic-quote defenition, and I came up with the suggested solution [code bellow] Is this solution OK for PHP Version 5.2.14 ? What should I change when we upgrade to PHP version 6 ? // Code: function fHandleQuotes($s) { if (get_magic_quotes_gpc()) return ($s); return (addslashes($s)); } . . . // Usage: . . . $query = "UPDATE myTable SET myField = '" . fHandleQuotes($_POST['fieldName']) . "'"; . . . 回答1: In PHP 6 magic

Work around magic quotes, or just make sure they're off?

阅读更多关于 Work around magic quotes, or just make sure they're off?

问题 Is it worth changing my code to be "more portable" and able to deal with the horror of magic quotes, or should I just make sure that it's always off via a .htaccess file? if (get_magic_quotes_gpc()) { $var = stripslashes($_POST['var']); } else { $var = $_POST['var']; } Versus php_flag magic_quotes_gpc off 回答1: Don't accommodate both situations. Two code paths = twice the headaches, plus there's a good chance you'll slip up and forget to handle both situations somewhere. I used to check if

Get unescaped POST, not magic quoted values in WordPress

阅读更多关于 Get unescaped POST, not magic quoted values in WordPress

问题 Following the question: With "magic quotes" disabled, why does PHP/WordPress continue to auto-escape my POST data? In WordPress, all superglobals are escaped even if magic quotes are off. So, following this answer: With "magic quotes" disabled, why does PHP/WordPress continue to auto-escape my POST data? If I create a plugin and a class to access raw POST, GET, etc., is it a good solution? Do you see any drawbacks, issues whatsoever in such an approach? Here is my plugin below: class

Cannot redeclare a function error

阅读更多关于 Cannot redeclare a function error

问题 I am trying to remove the slashes from magic quotes from an array. So I have two functions, one is to remove the slashes, another is to set the variable. // Strip slashes from an array. function strip_magic_quotes($array) { if (get_magic_quotes_gpc()) { function stripslashes_array($array) { return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array); } return stripslashes_array($array); } return $array; } function set_variable($array = array(),$key,$params = array

How to remove magic quotes if php.ini/.htaccess are not editable?

阅读更多关于 How to remove magic quotes if php.ini/.htaccess are not editable?

问题 For some reason, all my quotes are being escaped and displayed as \". Previously, it was okay. Then I looked at phpinfo() and saw that my magic_quotes_gpc is turned on. However, I cannot find the directory /usr/local/lib/ where php.ini file is and I cannot edit my .htaccess file (gets 500 Internal Server Error). I tried putting this instead on top of my scripts file (which is included in all pages): if (get_magic_quotes_gpc()) { $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST); while

PHP - magic quotes gpc and stripslashes question

阅读更多关于 PHP - magic quotes gpc and stripslashes question

问题 Okay my hosting company has magic_quotes_gpc turned ON and I coded my PHP script using stripslashes() in preparation of this. But now the hosting company says its going to turn magic_quotes_gpc OFF and I was wondering what will happen now to my data now when stripslashes() is present should I go through all my millions of lines of code and get rid of stripslashes() ? or leave the stripslashes() function alone? will leaving the stripslashes() ruin my data? 回答1: Your code should use get_magic

Using get_magic_quotes_gpc on PHP Version 5.2.14 or equivalent for PHP Version 6

阅读更多关于 Using get_magic_quotes_gpc on PHP Version 5.2.14 or equivalent for PHP Version 6

Our site is using PHP Version 5.2.14 Lately our hoster probably changed magic-quote defenition, and I came up with the suggested solution [code bellow] Is this solution OK for PHP Version 5.2.14 ? What should I change when we upgrade to PHP version 6 ? // Code: function fHandleQuotes($s) { if (get_magic_quotes_gpc()) return ($s); return (addslashes($s)); } . . . // Usage: . . . $query = "UPDATE myTable SET myField = '" . fHandleQuotes($_POST['fieldName']) . "'"; . . . In PHP 6 magic_quotes will be removed! Now you can use this function. if( ( function_exists("get_magic_quotes_gpc") && get