magic-quotes-gpc

Antidote for magic_quotes_gpc()?

前提是你 提交于 2019-12-01 01:16:09
I've seen dozens of PHP snippets that go like this: function DB_Quote($string) { if (get_magic_quotes_gpc() == true) { $string = stripslashes($string); } return mysql_real_escape_string($string); } What happens if I call DB_Quote("the (\\) character is cool"); ? (Thanks jspcal!) Aren't we supposed to strip slashes only when get_magic_quotes_gpc() == true and the value originated from $_GET , $_POST or $_COOKIE superglobals? Yeah, I've seen dozens of PHP snippets like that, too. It's a bit sad. Magic quotes are an input issue. It has to be fixed at the input stage, by iterating the GET/POST

Antidote for magic_quotes_gpc()?

感情迁移 提交于 2019-11-30 20:44:05
问题 I've seen dozens of PHP snippets that go like this: function DB_Quote($string) { if (get_magic_quotes_gpc() == true) { $string = stripslashes($string); } return mysql_real_escape_string($string); } What happens if I call DB_Quote("the (\\) character is cool"); ? (Thanks jspcal!) Aren't we supposed to strip slashes only when get_magic_quotes_gpc() == true and the value originated from $_GET , $_POST or $_COOKIE superglobals? 回答1: Yeah, I've seen dozens of PHP snippets like that, too. It's a

Why is turning magic_quotes_gpc on considered a bad practice?

我的梦境 提交于 2019-11-26 21:42:02
问题 Why is turning on magic_quotes_gpc in PHP considered a bad practice? 回答1: I don't think I can explain it any better than the makers of PHP itself (with followup comments on that page): Why not to use Magic Quotes Portability: Assuming it to be on, or off, affects portability. Use get_magic_quotes_gpc() to check for this, and code accordingly. Performance: Because not every piece of escaped data is inserted into a database, there is a performance loss for escaping all this data. Simply calling

How to turn off magic quotes on shared hosting?

本小妞迷上赌 提交于 2019-11-26 00:38:11
问题 I want to turn off PHP\'s magic quotes. I don\'t have access to php.ini. When I tried to add php_flag magic_quotes_gpc off to my .htaccess file, I get a 500 internal server error. This is what my .htaccess file looks like: AddType x-mapp-php5 .php php_flag magic_quotes_gpc off Then I tried to use ini_set(\'magic_quotes_gpc\', \'O\') , but that had no effect. How do I turn magic quotes off? 回答1: As per the manual you can often install a custom php.ini on shared hosting, where mod_php isn't
订阅 magic-quotes-gpc