Escaping quotes - moving from PHP4 to PHP5
https://stackoverflow.com/questions/9225964
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I've inherited a php4 site that needs to run on my PHP5 Server, I've solved most of the issues but can't figure out what the author was trying to do here. Well, to be precise, he was tring to quote the submitted text but I'm not sure how this function is supposed to work and how I should do it in PHP5?
# Function to safely add slashes when magic quotes is switched off
function safe_slash($string)
{
if (!get_magic_quotes_gpc())
{
$string = addslashes($string);
}
return $string;
}
La solution
By default PHP4 has an option in PHP.ini turned on called magic_quotes_gpc, it will addslashes to all $_POST/$_GET variables.
That code simply checks if the value magic_quotes_gpc is turned off, if it is it will addslashes to the $string passed in.
It should work in PHP4 and PHP5 (in PHP6 magic_quotes_gpc is going to be removed I believe). It's not recommended to rely on though, it was initially for 'protecting' against SQL injection but it has been found to be inadequate.
Autres conseils
$_POST = self::addSlashesRecursive($_POST);
$_GET = self::addSlashesRecursive($_GET);
$_COOKIE = self::addSlashesRecursive($_COOKIE);
function addSlashesRecursive($s)
{
if (get_magic_quotes_gpc()) {
return $s;
}
if (is_string($s)) {
return addslashes($s);
} else if (is_array($s)) {
return array_map(array('addSlashesRecursive'), $s);
}
return $s;
}
But for my mind it will be better to change your code. In PHP6 magic_quotes will be removed at all.
