FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Magic quotes? Should I still be cautious?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Magic quotes? Should I still be cautious? [message #176417 is a reply to message #176415] Thu, 05 January 2012 14:20 Go to previous messageGo to previous message
Erwin Moller is currently offline  Erwin Moller
Messages: 228
Registered: September 2010
Karma:
Senior Member
On 1/5/2012 2:36 PM, The Natural Philosopher wrote:
> Arno Welzel wrote:
>> Erwin Moller, 2012-01-05 14:08:
>>
>>> On 1/4/2012 3:55 PM, Arno Welzel wrote:
>>>> Michael Joel, 2011-12-29 21:55:
>>>>
>>>> > I do not have control of my server (shared server).
>>>> >
>>>> > echo get_magic_quotes_gpc(); returns True.
>>>> > Should I still be cautious and use addslashes/stripslashes in case the
>>>> > hosting company ever decides to change the settings?
>>>> I assume magic quotes to be disabled and in the past i used the
>>>> following code fragment to be safe:
>>>>
>>>> <http://arnowelzel.de/wiki/en/web/php_magicquotes>
>>>>
>>>>
>>> Hi Arnold,
>>
>> Just Arno - not Arnold ;-)
>>
>>
>>> That is a lot of overhead on each request.
>>
>> I know - and this is only meant to be a workaround for existing code
>> which can not be easily adopted to handle Magic Quotes and the PHP
>> configuration can not be changed.
>>
>>> And $_REQUEST should be avoided anyway in all situation (in my humble
>>> opinion) for various reasons. But if you use it, it should indeed be
>>> added to your list in your approach.
>>
>> I'm not sure, if it's enough to modify $_GET, $_POST etc. if further
>> parts of a script use $_REQUEST - therefore i added $_REQUEST to be sure.
>>
>>
> I am interested in this, because in general I leave magic quotes on
> because some old code relies on it on some of my sites..

Hi NP,

I feel your pain. I am in the same situation. :-(
(I have an old PHP4.3 machine under my control with magic_quotes on.)


>
>
> Is this comment still true? - its from the PHP manual
>
> "I have discovered that my host doesn't like either of the following
> directives in the .htaccess file:
>
> php_flag magic_quotes_gpc Off
> php_value magic_quotes_gpc Off
>
> However, there is another way to disable this setting even if you don't
> have access to the server configuration - you can put a php.ini file in
> the directory where your scripts are with the directive:
>
> magic_quotes_gpc = Off
>
> However, these does not propogate unlike .htaccess rules, so if you
> launch from a sub-directory, you need the php.ini file in each directory
> you have as script entry points."
>
>
> If so it, gives another option to override server defaults.

I wouldn't bet on that trick to work everywhere.
It seems to me that depends on the way PHP and/or Apache is set up.

Much safer is simply wrap a simple function around $_POST["whatever"]
that tests for the real situation.
Or use Arno's trick, which is a little heavier on the server because it
strips more than needed.
The advantage of Arno's approach is of course that you don't have to
adjust existing code: you can simply enforce magic_quotes or shut them down.

I do prefer a wrapperfunction. That way you have no server dependencies
in your PHP code.
Well, at least not for magic_quotes that is. ;-)

Regards,
Erwin Moller


--
"That which can be asserted without evidence, can be dismissed without
evidence."
-- Christopher Hitchens
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Lilupophilupop
Next Topic: [WSP] CALL FOR PAPERS [FREE]
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Mon Nov 25 21:09:14 GMT 2024

Total time taken to generate the page: 0.05999 seconds