PHP 7.4 deprecated get_magic_quotes_gpc function alternative

做~自己de王妃 提交于 2020-04-30 05:17:20

问题


I am encountered with the situation where one of my old code is using get_magic_quotes_gpc() which is deprecated in the latest PHP version 7.4.*

Currently, I have something like this.

Add Slashes

return get_magic_quotes_gpc() ? addslashes($string) : $string;

Remove Slashes

return get_magic_quotes_gpc() ? stripslashes($string) : $string;

Which is obviously giving error

Deprecated: Function get_magic_quotes_gpc() is deprecated

Question:

How can I fix it? So can work the same without using get_magic_quotes_gpc() function?


回答1:


You need to remove every mention of this function from your code and do not replace it with anything else.

get_magic_quotes_gpc() has been useless ever since PHP 5.4.0. It would tell you whether you have magic quotes switched on in the configuration or not. Magic quotes were a terrible idea and this feature was removed for security reasons (PHP developers believed in magic & superstitions and wrote unsecure code).

Most likely even you yourself do not know why you had this line of code in your project. I know I was fooled by it when I was learning PHP. The reality is you do not need it at all. This function has nothing to do with security and the concept of input sanitization is preposterous.

Instead, rely on good security guidelines.

  • Use parameterized prepared statements for interactions with the database. PHP has a very good library called PDO, which can be used with many DB drivers including MySQL.
  • If you produce output, then escape the output taking into consideration the rules of that medium. For example when outputting to HTML use htmlspecialchars() to prevent XSS.
  • Never sanitize input. There is no magical solution that would protect you against everything. Instead, you as a developer must be aware of dangers and you need to know how to protect your code.


来源:https://stackoverflow.com/questions/61054418/php-7-4-deprecated-get-magic-quotes-gpc-function-alternative

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!