Re: Turning off magic_quotes_gpc?

[Michael Stroh <stroh@xxxxxxxxxx>]

Thanks for the replies, I got caught up in another project and wasn't able to get back to this. The problem is that I've located a couple of scripts that are already on the system and are acting up and I believe it's due to magic quotes being on. Is there a way I could turn magic quotes off on a file by file basis or even just folders at a time to test things systematically before I turn things off system wide?

Cheers,
Michael

---

knl@xxxxxxxxxxx February 10, 2011 5:40 PM

On Thu, 10 Feb 2011 14:52:26 -0500
"Bob McConnell" <rvm@xxxxxxxxx> wrote:

It's a good idea to turn it off as soon as possible. However, you need
to test your site to make sure it won't broke something first.

You have to test not only your site, but also the data that possible
lies in the database, if any.

There is a way to undo the results of magic quotes. We have
implemented it on a number of sites so that we won't care when it
gets turned off. Early in the script we have the following code:

    // If magic quotes is on, we want to remove slashes
    if (get_magic_quotes_gpc()) {
      // Magic quotes is on
      $response = stripslashes($_GET[$key]);
    }

Many people use this approach or something similar and when you use
that from the beginning of production, it's not a problem. 

If however you are going to turn Magic Quotes off while running a
production system where it was previously turned on, you might run into
problems. 

Don't trust this method blindly. You have to remember that stripslashes
will only remove a single slash. If, for some reason, data has been
pulled out, updated, and re-inserted it may contain several slashes
(because each time Magic Quotes will add a new slash).

If you are turning off Magic Quotes on a system that has been running
with Magic Quotes on, you have to inspect the data manually to be safe.

---
Kind regards

Kim N. Lesmer
Programmer/Unix systemadministrator

Web    : www.bitflop.com
E-mail : knl@xxxxxxxxxxx

---

Bob McConnell February 10, 2011 2:52 PM

From: Michael Stroh

I'm maintaining various php scripts on a server that was originally 
configured to have magic_quotes_gpc turned on. The installed php

version 

is 5.2.6. I've read that magic_quotes_gpc is deprecated in 5.3 and 
continuing to use it is "highly discouraged." I've ran into a few

fields 

that I believe this is causing issues with so I'm considering turning

it 

off but am wondering what steps should I take to make sure that

nothing 

breaks and what should I look out for? Also, is it still a good idea

to 

turn off since this installation isn't yet at 5.3?

It's a good idea to turn it off as soon as possible. However, you need
to test your site to make sure it won't broke something first.

There is a way to undo the results of magic quotes. We have implemented
it on a number of sites so that we won't care when it gets turned off.
Early in the script we have the following code:

    // If magic quotes is on, we want to remove slashes
    if (get_magic_quotes_gpc()) {
      // Magic quotes is on
      $response = stripslashes($_GET[$key]);
    }

Bob McConnell

---

Michael Stroh February 10, 2011 2:40 PM

I'm maintaining various php scripts on a server that was originally configured to have magic_quotes_gpc turned on. The installed php version is 5.2.6. I've read that magic_quotes_gpc is deprecated in 5.3 and continuing to use it is "highly discouraged." I've ran into a few fields that I believe this is causing issues with so I'm considering turning it off but am wondering what steps should I take to make sure that nothing breaks and what should I look out for? Also, is it still a good idea to turn off since this installation isn't yet at 5.3?

Cheers,
Michael