Re: Magic quotes? Should I still be cautious? [message #176382 is a reply to message #176379] Thu, 29 December 2011 22:22
Thomas Mlynarczyk
Michael Fesser wrote:
> Check if magic quotes are enabled and use stripslashes() if they
> are to get the raw data.

There is also the sybase version of magic quotes which would require a
different kind of treatment. And if the data is an array you have to do
the keys as well, but only on the first level for a multidimensional
array if I remember right and -- well, all this is definitely way too
much trouble.

I prefer using the filter functions (http://de3.php.net/filter). They
allow access to the raw input data and thus completely bypass any
magic quoting (as well as any modifications of the $_GET etc. arrays
done by the script):

/**
 * Read a GPC value straight from the raw request data, bypassing
 * magic quotes and any changes a script made to $_GET/$_POST/$_COOKIE.
 *
 * @param string $name Variable name; a "dotted" name is accepted
 * @return string|array|null Value, or null if no source has it
 */
function input( $name )
{
    // PHP turns dots in variable names into underscores, so look the
    // name up the way PHP actually registered it.
    $name = str_replace( '.', '_', $name );
    foreach ( array( INPUT_GET, INPUT_POST, INPUT_COOKIE ) as $source ) {
        // null: not present in this source; false: present, but not a scalar
        $value = filter_input( $source, $name, FILTER_UNSAFE_RAW );
        if ( $value === false ) {
            // Retry as an array (e.g. name[]=a&name[]=b).
            $value = filter_input( $source, $name,
                                   FILTER_UNSAFE_RAW, FILTER_REQUIRE_ARRAY );
        }
        if ( $value !== null and $value !== false ) {
            return $value;
        }
    }
    return null;
}

The above function can be modified to accept an explicit $source as
second argument and do away with the foreach. The first line addresses
the fact that PHP silently converts any dot in a variable name to an
underscore. My function allows using the "dotted" name. Once the value
is retrieved, it must, of course, be properly validated. Although the
filter functions provide such functionality, I prefer to do my own
validation.

Greetings,
Thomas


--
Just because a lot of people are wrong doesn't mean they are right!
(Coluche)
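As an added example (not code from the post above), here is the stripslashes() route that the reply calls too much trouble, written out in full: it detects whether magic quotes are on, picks the right inverse for the default and the sybase escaping style, and walks arrays recursively, rebuilding keys as well as values. The function names (unquote_scalar, unquote_deep, undo_magic_quotes) and the sample arrays are constructed for this illustration; get_magic_quotes_gpc() and the magic_quotes_* ini settings only exist on PHP before 5.4, so on later versions undo_magic_quotes() simply reports that there was nothing to undo. NUL bytes in sybase mode are deliberately not handled here.

```php
<?php
// Added example for legacy PHP (< 5.4): undo magic_quotes_gpc on the
// GPC superglobals, covering the sybase escaping style and array keys.

/**
 * Reverse magic-quotes escaping on one scalar.
 *
 * With magic_quotes_sybase=On a single quote is escaped by doubling it
 * (' -> ''), not with a backslash, so stripslashes() would be the wrong
 * inverse there. Assumption: NUL bytes in sybase mode are not handled.
 */
function unquote_scalar($value, $sybase)
{
    if (!is_string($value)) {
        return $value;
    }
    return $sybase ? str_replace("''", "'", $value) : stripslashes($value);
}

/**
 * Recursively reverse magic quotes on values and keys at every level.
 * The array is rebuilt because keys cannot be edited in place.
 */
function unquote_deep($value, $sybase)
{
    if (!is_array($value)) {
        return unquote_scalar($value, $sybase);
    }
    $clean = array();
    foreach ($value as $key => $item) {
        $clean[unquote_scalar($key, $sybase)] = unquote_deep($item, $sybase);
    }
    return $clean;
}

/**
 * Apply the reversal to the GPC superglobals, but only if magic quotes
 * are actually on; stripping slashes from already-raw data would corrupt it.
 *
 * @return bool true if the superglobals were rewritten, false otherwise
 */
function undo_magic_quotes()
{
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        return false;                               // nothing to undo
    }
    $sybase = (bool) ini_get('magic_quotes_sybase');
    foreach (array('_GET', '_POST', '_COOKIE', '_REQUEST') as $name) {
        $GLOBALS[$name] = unquote_deep($GLOBALS[$name], $sybase);
    }
    return true;
}

// Constructed sample: what PHP would register for
//   ?name=O'Brien&tags[it's]=a\b
// under magic_quotes_gpc=On, first in the default and then in the sybase style.
$default_style = array('name' => "O\\'Brien", 'tags' => array("it\\'s" => "a\\\\b"));
$sybase_style  = array('name' => "O''Brien",  'tags' => array("it''s"  => "a\\b"));

$expected = array('name' => "O'Brien", 'tags' => array("it's" => "a\\b"));
assert(unquote_deep($default_style, false) === $expected);
assert(unquote_deep($sybase_style, true) === $expected);

var_dump(undo_magic_quotes());   // false on any PHP where magic quotes are off or gone
```

Call undo_magic_quotes() once at the very top of the request, before anything reads the superglobals; calling it twice, or on a server where magic quotes are off, strips legitimate backslashes from user data, which is the kind of fragility the reply above avoids by reading the raw input through filter_input() instead.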