Re: Stripslashes redundancy question.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Oct 24, 2010 at 6:29 PM, Gary <gpaul@xxxxxxxxxxxxxxxx> wrote:

> In my form processing scripts, I usually have the variable set as so:
>
> $email = stripslashes($_POST['email']);
>
> I have discovered that the program that I use has a pre-written function of
> this:
>
> // remove escape characters from POST array
> if (get_magic_quotes_gpc()) {
>  function stripslashes_deep($value) {
>    $value = is_array($value) ? array_map('stripslashes_deep', $value) :
> stripslashes($value);
>    return $value;
>    }
>  $_POST = array_map('stripslashes_deep', $_POST);
>  }
>
> I just put this in a script that I have been using, leaving the original
> stripslashes in the variable. The script still works, but is there a
> problem
> with redundancy, or does one cancel the other out?
>
> Also, which do you think is a better method to use?
>
> Thank you
>
> Gary
>
>
>
> __________ Information from ESET Smart Security, version of virus signature
> database 5560 (20101024) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
Hi Gary,

Calling stripslashes() more than once on the same string can cause issues.
 That said, I'd point out that as of PHP 5.3, the use of magic_quotes_gpc()
has been deprecated:
http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc

<http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc>This
was after many criticisms were leveled against the use of magic quotes:
http://en.wikipedia.org/wiki/Magic_quotes

So, my inclination is to turn off magic quotes if they're on by using
php.ini -OR- htaccess  (if at all possible) rather than checking if they are
on and strip them if needed.

Adam

-- 
Nephtali:  PHP web framework that functions beautifully
http://nephtaliproject.com

[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux