Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations biv343 on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Magic Quotes Problem

Status
Not open for further replies.
blinkbob123

blinkbob123

Technical User
Feb 3, 2005
4
GB
Hi, I wish to use magic quotes but it has been disabled on my server. I'm not too great with arrays but tried putting:

code:------------------------------------------------------$global = @array(0 => $_GET, 1 => $_POST, 2 => $_ENV, 3=> $_COOKIE, 4=> $_SESSION, 5 => $_SERVER, 6 => $_FILES);

if(!get_magic_quotes_gpc()) {
foreach($global as $key => $val) {
$global[$key] = addslashes($val);
}
}
-----------------------------------------------------------

in a header file on my website. But it did not work. Is this the correct/secure way to do it and if so how do I fix it. Thanks
 
Sort by date Sort by votes
As far as your posted code goes:
In your foreach, $val is going to be an array, not a singleton value. You can't pass an array to addslashes().

Also, the array your code should reference is $GLOBALS, not $global. PHP arrays are case-specific, and you will want to reference the actual superglobal, not a local variable.


However:
Dumping all values into $GLOBAL is the same thing as configuring PHP with register_globals set to "on". As the [link]PHP online manual entry titled "Using Register Globals"[/url], setting register_globals to "on" is a bad thing.

I strongly recommend that you just apply addslashes() or mysql_escape_string() or whathaveyou as you use each variable.

Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Upvote 0 Downvote
Hi cheers, I want to make sure my script works on a server which has magic quotes enable or disabled. Will the following work fine if I use the function fixslashes on any variables which will be used in a mysql insert statement. Cheers

$test = fixslashes($_POST['test'])

function fixslashes($var) {
if(!get_magic_quotes_gpc()) {
$var = addslashes($var);
}

return $var
}
 
Upvote 0 Downvote
How about:
Code: 
function fixslashes($str)
{
   return (addslashes(stripslashes($str));
}
If magic quotes are disabled, the stripslashes function doesn't do anything. If magic quotes are turned on, it does it's work. Then the addslashes function does it's work no matter what.

Ken
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

jason.lex
  • Locked
  • Question
Problem with table output and calendar picker bug
Replies
3
Views
176
spamjim
spamjim
charlion
  • Locked
  • Question
another json problem. 1
Replies
2
Views
186
charlion
charlion
Krus1972
  • Locked
  • Question
Special Character Filter Function Problem
Replies
2
Views
173
Unscruffed
Unscruffed
someoneneedshelps
  • Locked
  • Question
simple dom problem
2 3
Replies
50
Views
859
someoneneedshelps
someoneneedshelps
someoneneedshelps
  • Locked
  • Question
foms in php problem 2
Replies
14
Views
352
Olaf Doschke
Olaf Doschke

Part and Inventory Search

Sponsor

Back
Top