Using get_magic_quotes_gpc on PHP Version 5.2.14 or equivalent for PHP Version 6

烂漫一生 提交于 2019-12-23 01:43:14

问题


Our site is using PHP Version 5.2.14

Lately our hoster probably changed magic-quote defenition, and I came up with the suggested solution [code bellow]

  1. Is this solution OK for PHP Version 5.2.14 ?
  2. What should I change when we upgrade to PHP version 6 ?
// Code:

function fHandleQuotes($s) {
  if (get_magic_quotes_gpc())
    return ($s);
  return (addslashes($s));
}

. . .
// Usage:

. . . 
$query = "UPDATE myTable SET myField = '" . fHandleQuotes($_POST['fieldName']) . "'";
. . . 

回答1:


In PHP 6 magic_quotes will be removed!
Now you can use this function.

if(  ( function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc() ) || ini_get('magic_quotes_sybase')  ){
    foreach($_GET as $k => $v) $_GET[$k] = stripslashes($v);
    foreach($_POST as $k => $v) $_POST[$k] = stripslashes($v);
    foreach($_COOKIE as $k => $v) $_COOKIE[$k] = stripslashes($v);
}



回答2:


Read this and why you shouldn't use magic quotes:
http://php.net/manual/en/security.magicquotes.disabling.php

Use one of the examples on that page and replace stripslashes with addslashes. But yes, your solution probably works. Though it would be faster and less intrusive to just use $_GET = array_map("addslashes", $_GET); once at startup. Even better would be to use mysql_real_escape_string instead of addslashes thereon. (But your database connection must already be established for this to work.)

Also I'd like to spamrecommend you this: http://sourceforge.net/p/php7framework/wiki/input/ - because it allows you to progressively rewrite your application to use $_GET->q["fieldName"] for (not so secure) magic quoted fields, or simply $_POST->sql["fieldName"] for (more secure) encoded fields.
You can even use $_REQUEST->sql->always() to enable the filter per default for all normal $_REQUEST["fieldName"] accesses. Though that might be overkill for some applications.



来源:https://stackoverflow.com/questions/4077543/using-get-magic-quotes-gpc-on-php-version-5-2-14-or-equivalent-for-php-version-6

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!