On Thu, 10 Feb 2011 14:52:26 -0500
"Bob McConnell" <rvm@xxxxxxxxx> wrote:
> It's a good idea to turn it off as soon as possible. However, you need
> to test your site to make sure it won't broke something first.
You have to test not only your site, but also the data that possible
lies in the database, if any.
> There is a way to undo the results of magic quotes. We have
> implemented it on a number of sites so that we won't care when it
> gets turned off. Early in the script we have the following code:
>
> // If magic quotes is on, we want to remove slashes
> if (get_magic_quotes_gpc()) {
> // Magic quotes is on
> $response = stripslashes($_GET[$key]);
> }
Many people use this approach or something similar and when you use
that from the beginning of production, it's not a problem.
If however you are going to turn Magic Quotes off while running a
production system where it was previously turned on, you might run into
problems.
Don't trust this method blindly. You have to remember that stripslashes
will only remove a single slash. If, for some reason, data has been
pulled out, updated, and re-inserted it may contain several slashes
(because each time Magic Quotes will add a new slash).
If you are turning off Magic Quotes on a system that has been running
with Magic Quotes on, you have to inspect the data manually to be safe.
---
Kind regards
Kim N. Lesmer
Programmer/Unix systemadministrator
Web : www.bitflop.com
E-mail : knl@xxxxxxxxxxx
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
