Posted by Robin on 07/25/07 08:52

Sergei Riaguzov wrote:
> On Tue, 24 Jul 2007 13:10:37 +0200, Michael Fesser wrote:
>
>> Slashes are produced by magic quotes, an old and absolutely broken
>> concept. Thankfully it will be removed in PHP 6. But for now you have to
>> call get_magic_quotes_gpc() to check if MQs are enabled. If that's the
>> case, call stripslashes() on the POST or GET values to get the raw data.
>> That's what you should always work with.
> OK, thank you! I will use "if (get_magic_quotes_gpc())" check before
> applying stripslashes() and won't apply it in case get_magic_quotes_gpc()
> returns false.

The ternary conditional operator comes in handy here, so your original
function call:

htmlspecialchars(stripslashes($_POST["blabla"]), ENT_QUOTES);

becomes

htmlspecialchars(get_magic_quotes_gpc()?stripslashes($_POST["blabla"]):$_POST["blabla"],ENT_QUOTES);

Robin

[Back to original message]