Re: Turning off magic_quotes_gpc?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks for the replies, I got caught up in another project and wasn't able to get back to this. The problem is that I've located a couple of scripts that are already on the system and are acting up and I believe it's due to magic quotes being on. Is there a way I could turn magic quotes off on a file by file basis or even just folders at a time to test things systematically before I turn things off system wide?

Cheers,
Michael



knl@xxxxxxxxxxx
February 10, 2011 5:40 PM

On Thu, 10 Feb 2011 14:52:26 -0500
"Bob McConnell" <rvm@xxxxxxxxx> wrote:

It's a good idea to turn it off as soon as possible. However, you need
to test your site to make sure it won't broke something first.

You have to test not only your site, but also the data that possible
lies in the database, if any.

There is a way to undo the results of magic quotes. We have
implemented it on a number of sites so that we won't care when it
gets turned off. Early in the script we have the following code:

    // If magic quotes is on, we want to remove slashes
    if (get_magic_quotes_gpc()) {
      // Magic quotes is on
      $response = stripslashes($_GET[$key]);
    }

Many people use this approach or something similar and when you use
that from the beginning of production, it's not a problem. 

If however you are going to turn Magic Quotes off while running a
production system where it was previously turned on, you might run into
problems. 

Don't trust this method blindly. You have to remember that stripslashes
will only remove a single slash. If, for some reason, data has been
pulled out, updated, and re-inserted it may contain several slashes
(because each time Magic Quotes will add a new slash).

If you are turning off Magic Quotes on a system that has been running
with Magic Quotes on, you have to inspect the data manually to be safe.

---
Kind regards

Kim N. Lesmer
Programmer/Unix systemadministrator

Web    : www.bitflop.com
E-mail : knl@xxxxxxxxxxx



Bob McConnell
February 10, 2011 2:52 PM

From: Michael Stroh

I'm maintaining various php scripts on a server that was originally 
configured to have magic_quotes_gpc turned on. The installed php
version 
is 5.2.6. I've read that magic_quotes_gpc is deprecated in 5.3 and 
continuing to use it is "highly discouraged." I've ran into a few
fields 
that I believe this is causing issues with so I'm considering turning
it 
off but am wondering what steps should I take to make sure that
nothing 
breaks and what should I look out for? Also, is it still a good idea
to 
turn off since this installation isn't yet at 5.3?

It's a good idea to turn it off as soon as possible. However, you need
to test your site to make sure it won't broke something first.

There is a way to undo the results of magic quotes. We have implemented
it on a number of sites so that we won't care when it gets turned off.
Early in the script we have the following code:

    // If magic quotes is on, we want to remove slashes
    if (get_magic_quotes_gpc()) {
      // Magic quotes is on
      $response = stripslashes($_GET[$key]);
    }

Bob McConnell



Michael Stroh
February 10, 2011 2:40 PM

I'm maintaining various php scripts on a server that was originally configured to have magic_quotes_gpc turned on. The installed php version is 5.2.6. I've read that magic_quotes_gpc is deprecated in 5.3 and continuing to use it is "highly discouraged." I've ran into a few fields that I believe this is causing issues with so I'm considering turning it off but am wondering what steps should I take to make sure that nothing breaks and what should I look out for? Also, is it still a good idea to turn off since this installation isn't yet at 5.3?

Cheers,
Michael



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux