magic_quotes_gpc() leveller
Here's a little snippet I got from SitePoint that I now use all the time. Add the code below to the start of each script.
Basically, what this does is check to see if magic_quotes_gpc() is enabled on the server, and if it is, then it gets rid of all the slashes that magic_quotes_gpc() adds to input from $_GET, $_POST and $_COOKIES globals.
It's a good snippet to use, because it negates the bad programming practices that having magic_quotes_gpc() lets you get away with, and means that you don't rely on PHP to validate your input; you get to do it all yourself ;-)
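// Undo magic_quotes_gpc escaping so the script sees the raw input.
// Recursive, because array-style parameters (e.g. name[]=x) arrive as nested arrays.
function strip_slashes_deep($value) {
    return is_array($value) ? array_map('strip_slashes_deep', $value) : stripslashes($value);
}
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) { // function removed in PHP 8.0
    $_GET = strip_slashes_deep($_GET);
    $_POST = strip_slashes_deep($_POST);
    $_COOKIE = strip_slashes_deep($_COOKIE);
}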
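
What the leveller changes once the script handles its own input, as an added example that is not part of the original post: a bound parameter expects the raw value, so input still carrying magic-quotes backslashes is stored with the backslash in it. The helper names, table and input values are constructed for illustration, addslashes() stands in for magic_quotes_gpc (the same transformation), and PDO with an in-memory SQLite database is assumed.

```php
<?php
// Added example: hypothetical helpers, constructed input, in-memory database.

// Recursive leveller: array-style parameters (name[]=x) arrive as nested arrays.
function strip_slashes_deep($value)
{
    return is_array($value)
        ? array_map('strip_slashes_deep', $value)
        : stripslashes($value);
}

// Store a name through a bound parameter, then read the newest row back.
function store_and_fetch(PDO $db, $name)
{
    $insert = $db->prepare('INSERT INTO users (name) VALUES (:name)');
    $insert->execute(array(':name' => $name));
    return $db->query('SELECT name FROM users ORDER BY id DESC LIMIT 1')
              ->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed request data, then the same data escaped the way
// magic_quotes_gpc escaped it (identical to addslashes()).
$raw   = array('name' => "O'Brien", 'tags' => array("it's", 'a "test"'));
$magic = array(
    'name' => addslashes($raw['name']),
    'tags' => array_map('addslashes', $raw['tags']),
);

// Without the leveller, the added backslash is stored as part of the data.
$unlevelled = store_and_fetch($db, $magic['name']);

// With the leveller, the original value round-trips, nested arrays included.
$clean    = strip_slashes_deep($magic);
$levelled = store_and_fetch($db, $clean['name']);

// Each check prints bool(true) when the behaviour matches the comments above.
var_dump($unlevelled === "O\\'Brien");
var_dump($levelled === $raw['name']);
var_dump($clean['tags'] === $raw['tags']);
```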






What you should really be doing, of course, is turning mqgpc on in php.ini -- and most hosts, for obvious security reasons, have it on already and refuse to allow .htaccess DISABLING of it.
Of course, you can also activate it via .htaccess, which is less than ideal (since using .htaccess if you don't have to results in quite a few extra stat()s by Apache for every request . . .)
In the PHP engine (among a bunch of compiled instructions which really don't give a hoot whether there's a quotemark or not) is a much safer place to validate input. Of course, it only protects you from SQL and PHP injection, and you may need to unquote on occasion, but you as the programmer should know this and code accordingly. To turn off mqgpc because it encourages laxity is akin to refusing to wear sunscreen because it encourages staying too long in the sun.
I've got good news, and I've got bad news:
The universe is merely a figment of my imagination.
Now are you ready for the bad news?