|
|
Posted by xclarky on 02/05/06 16:25
Why not simply write your own safe addslashes function? You can then
use it on form input or whatever you wish, and regardless of the server
environment the slashes will or will not be appended as neccessary:
[PHP]
function safeAddSlashes($str) {
if(!get_magic_quotes_gpc()) {
if(is_array($str)) {
$str = array_map_recursive('stripslashes', $str);
} else {
$str = addslashes($str);
}
}
return $str;
}
[/PHP]
So in a nutshell, if quotes are already escaped due the the magic
quotes configuration then they will not be escaped further (as ordinary
use of the addslashes() function would do). However, if magic quotes
are off then the data input into the function will be escaped. You can
use it on strings, for example if register globals is on and you are
escaping singular variables, or entire arrays, $POST for example. I
hope this helps. =]
Navigation:
[Reply to this message]
|