问题
For some reason, all my quotes are being escaped and displayed as \". Previously, it was okay. Then I looked at phpinfo() and saw that my magic_quotes_gpc is turned on. However, I cannot find the directory /usr/local/lib/ where php.ini file is and I cannot edit my .htaccess file (gets 500 Internal Server Error).
I tried putting this instead on top of my scripts file (which is included in all pages):
if (get_magic_quotes_gpc()) {
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
while (list($key, $val) = each($process)) {
foreach ($val as $k => $v) {
unset($process[$key][$k]);
if (is_array($v)) {
$process[$key][stripslashes($k)] = $v;
$process[] = &$process[$key][stripslashes($k)];
} else {
$process[$key][stripslashes($k)] = stripslashes($v);
}
}
}
unset($process);
}
But still, the " and ' on my pages still have the backslashes in them.
What am I doing wrong?
回答1:
Give this code a try, it's worked for me in the past.
<?php
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
$quotes_sybase = strtolower(ini_get('magic_quotes_sybase'));
$unescape_function = (empty($quotes_sybase) || $quotes_sybase === 'off') ? 'stripslashes($value)' : 'str_replace("\'\'","\'",$value)';
$stripslashes_deep = create_function('&$value, $fn', '
if (is_string($value)) {
$value = ' . $unescape_function . ';
} else if (is_array($value)) {
foreach ($value as &$v) $fn($v, $fn);
}
');
// Unescape data
$stripslashes_deep($_POST, $stripslashes_deep);
$stripslashes_deep($_GET, $stripslashes_deep);
$stripslashes_deep($_COOKIE, $stripslashes_deep);
$stripslashes_deep($_REQUEST, $stripslashes_deep);
}
回答2:
Which PHP-version do you use?
If you use a version larger than 5.2
, than you can use filter_input()
or filter_input_array()
. It seems that it ignores the setting of the magic_quotes_gpc
-directive and uses the raw data (the default filter is FILTER_UNSAFE_RAW
)
来源:https://stackoverflow.com/questions/7557419/how-to-remove-magic-quotes-if-php-ini-htaccess-are-not-editable