#1
  1. No Profile Picture
    Dev
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jan 2001
    Posts
    1,436
    Rep Power
    44

    PHP3 magic quotes gpc/runtime detect/emulate blah blah


    Hey guys,

    I know there is a way to detect if magic quotes gpc is on back to PHP3, but it looks like ini_get() is a PHP4 only function.

    Is there some sort of fool proof method to detecting magic quotes gpc, magic quotes runtime, and magic quotes sybase, and stripping/adding slashes/quotes if necessary? Another problem is it's not as easy as

    PHP Code:
    while(@list($key,$value) = @each($GLOBALS))
          
    $GLOBALS[$key] = *slashes($value); 
    Because I use arrays in my forms. How would I compensate for that? I'm kind of wondering how print_r() works, because I'd like to have some sort of method of stepping through an array and knowing if it goes a level deeper, not to treat it as a scalar... etc.

    I'm really trying to keep my programs as versatile as I possibly can. I've been developing w/ register_globals off, used all PHP3 compatible stuff, and I think I've finally gotten the setcookie mess all worked out. Now this is the last major thing...

    Thanks for any help.
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Sep 2000
    Posts
    763
    Rep Power
    0
    I believe that the get_magic_quotes_gpc() might work. The manual says that it should work for php3... (PHP 3>= 3.0.6, PHP 4 >= 4.0.0)

    Eclipce
  4. #3
  5. No Profile Picture
    Dev
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jan 2001
    Posts
    1,436
    Rep Power
    44
    I know there is a way to detect if magic quotes gpc is on back to PHP3
    ^^

    I knew that, but that doesn't help with magic quotes runtime or sybase, and the problem with adding/stripping slashes on everything including arrays. Thanks anyway.
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Sep 2000
    Posts
    763
    Rep Power
    0
  8. #5
  9. No Profile Picture
    Dev
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jan 2001
    Posts
    1,436
    Rep Power
    44
    ok, thanks.
    i figured out how to do a recursive array walking method to add or strip the slashes.
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jan 2001
    Location
    In a multi-cultural mess.
    Posts
    569
    Rep Power
    17
    JeffCT,

    At the start of my "main line" I use the following --

    $GLOBALS= maStrip($GLOBALS);
    reset($GLOBALS);

    to invoke the following function --
    PHP Code:
    function maStrip($it)
    { if (
    get_magic_quotes_gpc() == 0)
        return;
      if (
    is_array($it))
        while(list(
    $k,$v) = each($it))
          
    $it[$k]= maStrip($v);
      else
        if (
    is_string($it))
          
    $itstripslashes($it);
      return(
    $it);

    If "magic_quotes_gpc" has escaped single and/or double quotes,
    the function undoes that escaping. Since it is recursive, it works its
    way through all arrays including HTTP_POST_VARS, HTTP_GET_VARS, etc.

    Now I don't care whether "magic_quotes_gpc" is on or off.

    Robert
    Robert
    ---
    If it's hard, it's probably wrong.
  12. #7
  13. No Profile Picture
    Dev
    Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jan 2001
    Posts
    1,436
    Rep Power
    44
    yeah that's a good idea, that's kind of what my code looks like now. uses a recursive function..
    But I'm wodnering, why would you want to turn magic quotes gpc Off?
    I've tried it and seems to have no benefit. I think I'm going to check for if magic quotes gpc is off and then add slashes if it is. Otherwise I have to worry about adding slashes to every variable I put into the database...
  14. #8
  15. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jan 2001
    Location
    In a multi-cultural mess.
    Posts
    569
    Rep Power
    17
    JeffCT,

    When I started with php3, my ISP had magic_quotes turned OFF.
    When they switched to php4, magic_quotes was turned ON.

    I worked on changing one application for a while but stopped.
    It was easier to write the function than change each 'application'.
    Now I don't care. I guess I am magic_quotes "independent".

    In my applications,
    the number of addslashes() with magic_quotes OFF
    required for database action where fewer than
    the number of stripslashes() with magic_quotes ON
    required to check 'slashed' input lengths and
    echo 'slashed' data back to the screen.

    "Your mileage may vary."

    I like you idea as well, use the same type of function,
    but addslashes rather than stripslashes if that is preferred.
    It would still make scripts "magic_quotes independent".

    Robert
    Robert
    ---
    If it's hard, it's probably wrong.

IMN logo majestic logo threadwatch logo seochat tools logo