On Jun 17, 2009, at 16:14 , MarkDNA wrote:
Mantasgl wrote:
Hi,
I found that in my hosting company magic_quotes_gpc is on by default.
I can't turn them off in my .htaccess file, I get internal sever
error. I
used both:
php_flag magic_quotes_gpc Off
php_value magic_quotes_gpc Off
I solved this problem by adding this code in my bootstrap:
if (get_magic_quotes_gpc())
{
function stripMagicQuotes(&$value)
{
$value = (is_array($value))
? array_map('stripMagicQuotes', $value)
: stripslashes($value);
return $value;
}
stripMagicQuotes($_GET);
stripMagicQuotes($_POST);
stripMagicQuotes($_COOKIE);
}
Is this a good tecnique? Maybe there is other solutions?
That's pretty much what the php manual has for the situation. A note
- your
stripMagicQuotes() returns a value, so you need: $_GET =
stripMagicQuotes($_GET); and so on.
A similar plan is outlined here:
http://talks.php.net/show/php-best-practices/26
To wit:
if (get_magic_quotes_gpc()) {
$in = array(&$_GET, &$_POST, &$_COOKIE);
while (list($k,$v) = each($in)) {
foreach ($v as $key => $val) {
if (!is_array($val)) {
$in[$k][$key] = stripslashes($val);
continue;
}
$in[] =& $in[$k][$key];
}
}
unset($in);
}
Solar does this automatically in its Solar_Request::reset() method;
you can see actual usage there if you want other security/convenience
hints:
<http://svn.solarphp.com/core/trunk/Solar/Request.php>
Hope this helps.
--
Paul M. Jones
http://paul-m-jones.com/
