Posted by Jambalaya on 05/03/06 02:12
Jon wrote:
> All,
>
> Yes, it's more of the famous 'what do I do about magic_quotes' questions.
> Anyways, here we go:
>
> I've been a PHP developer for about a year now, and have grown to detest
> magic_quotes for numerous reasons. So, in my applications now I simply use
> .htaccess to turn magic_quotes_gpc off and I escape as needed from there.
>
> My problem however has become what to do for FULLY portable applications.
> I'm currently writing an XML-based PHP application that will be using a
> MySQL backend, and going by my logic that I normally use (turning magic
> quotes off via htaccess) I might run into some problems. Basically, this
> application needs to be able to move to ANY hosting provider with very
> little configuration.
>
> So I thought "Hmm, ok, well I'll just run a 'get_magic_quotes_gpc()' check
> and escape where magic quotes are off. This shouldn't cause a problem with
> my own code because I've turned magic_quotes off anyways.
>
> Problem is the 'get_magic_quotes_gpc()' function doesn't seem able to pick up
> the htaccess directive that turns them off, so it is always reported on.
> This basically traps me into not being able to check if they're on or off,
> or simply counting on them for my own application and leaving them on (I
> have no access to the .ini to turn them off at all).
>
> Worse yet, on the other side - if I go with my .htaccess and just always
> turn them off like I have been doing, this will come back to bite me if we
> have to put this application on an IIS server where turning them off is not
> an option. From what I understand, there's no way to turn them off at
> runtime.
>
> Any ideas on the best way to handle this?
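
// Define undoAddSlashes() once, based on whether magic_quotes_gpc is on.
if (get_magic_quotes_gpc()) {
    // Magic quotes already added slashes to GPC data, so strip them.
    function undoAddSlashes($formval) {
        return stripslashes($formval);
    }
} else {
    // Magic quotes are off: the data is already raw.
    function undoAddSlashes($formval) {
        return $formval;
    }
}
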
When accessing GPC data I *always* run it through undoAddSlashes.
Depending on whether magic quotes is active, undoAddSlashes will
perform the stripslashes. No wondering which to do or ini_set (which
doesn't work with magic quotes anyway, since by the time your ini_set
fires it has already added the slashes).
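
An array-aware version of the undoAddSlashes() approach above, as an added example that is not part of the original post: form fields submitted as arrays (for example tags[]) are handled recursively, and the check is guarded with function_exists() because get_magic_quotes_gpc() was removed in PHP 8.0. The names magicQuotesActive, undoAddSlashesDeep and $samplePost are hypothetical, and the sample data is constructed.

```php
<?php
// Added example (not from the post): array-aware form of undoAddSlashes().

// Detect magic_quotes_gpc without calling a function that may not exist:
// get_magic_quotes_gpc() was removed in PHP 8.0.
function magicQuotesActive()
{
    return function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
}

// Recursively undo addslashes-style escaping. Fields such as "tags[]"
// arrive as arrays, which a bare stripslashes() call cannot handle.
function undoAddSlashesDeep($value, $active)
{
    if (!$active) {
        return $value; // magic quotes off: data is already raw
    }
    if (is_array($value)) {
        $clean = array();
        foreach ($value as $key => $item) {
            $clean[$key] = undoAddSlashesDeep($item, $active);
        }
        return $clean;
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// Constructed sample: what $_POST would hold with magic quotes on
// for the inputs O'Reilly, it's and "path C:\tmp".
$samplePost = array(
    'author' => 'O\\\'Reilly',
    'tags'   => array('it\\\'s', 'path C:\\\\tmp'),
);

// Pass true to simulate a host with magic quotes enabled.
$clean = undoAddSlashesDeep($samplePost, true);
print_r($clean);

// Live use, once per request, before any other code reads the input:
// $post = undoAddSlashesDeep($_POST, magicQuotesActive());
```

Once the input is back in raw form, escaping for MySQL happens at the point of the query, through bound parameters or the database driver's own escaping function.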