ONJava.com -- The Independent Source for Enterprise Java
Article:   Ten Security Checks for PHP, Part 1
Subject:   magic quotes
Date:   2003-03-26 09:51:33
From:   melvyn
Response to: magic quotes

This is easily done by using the following function (you could even extend it with a second argument, say "$which='gpc'"):
===========
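// Escape $string only when magic_quotes_gpc has not already done so.
function safe_addslashes($string)
{
    // Cache the ini lookup across calls.
    static $setting;

    if (empty($setting))
    {
        $setting = (get_magic_quotes_gpc()) ? 'yup' : 'nope';
    }

    return ($setting == 'yup') ? $string : addslashes($string);
}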
===========
And its counterpart:
===========
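// Strip slashes only when magic_quotes_gpc added them in the first place.
function safe_stripslashes($string)
{
    // Cache the ini lookup across calls.
    static $setting;

    if (empty($setting))
    {
        $setting = (get_magic_quotes_gpc()) ? 'yup' : 'nope';
    }

    return ($setting == 'yup') ? stripslashes($string) : $string;
}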
===========
Using a simple find/sed|perl combination you can change all calls to add|stripslashes in your files relatively easily and can switch the magic_quotes_gpc option on and off at will, without this affecting security or output.


HTH
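
The find/sed rewrite mentioned in the comment above, as an added example that is not part of the original post. It assumes both wrappers live in a file named `safe_slashes.php` (a hypothetical name), which is skipped so the wrappers keep calling the native functions instead of themselves; the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: both wrappers live in one file with this (hypothetical) name.
WRAPPER_FILE="safe_slashes.php"

# Rewrite bare addslashes(/stripslashes( calls in every *.php file under $1.
rewrite_slashes_calls() {
    find "$1" -type f -name '*.php' ! -name "$WRAPPER_FILE" |
    while IFS= read -r f; do
        # The leading (^|[^A-Za-z0-9_]) group skips names that already carry
        # the safe_ prefix, so a second run changes nothing. The :a/ta loop
        # repeats the substitution to catch nested calls on one line.
        sed -E -e ':a' \
            -e 's/(^|[^A-Za-z0-9_])(addslashes|stripslashes)([[:space:]]*\()/\1safe_\2\3/' \
            -e 'ta' "$f" > "$f.tmp"
        cat "$f.tmp" > "$f"   # overwrite in place, keeping mode and owner
        rm -f "$f.tmp"
    done
}

# Constructed sample tree to show the effect.
demo() {
    d=$(mktemp -d)
    cat > "$d/page.php" <<'EOF'
<?php
$q = addslashes(stripslashes($_GET['q']));
echo safe_stripslashes($row['name']);
EOF
    cat > "$d/$WRAPPER_FILE" <<'EOF'
<?php
function safe_addslashes($string) { return addslashes($string); }
EOF
    rewrite_slashes_calls "$d"
    cat "$d/page.php" "$d/$WRAPPER_FILE"
    rm -rf "$d"
}

demo
```

The pattern also matches method calls such as `$db->addslashes(`, so review the resulting diff before committing it.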