Page 2 of 2

Re: problems with a login/register script

Posted: Thu Apr 29, 2010 1:47 am
by cwheel3915
I forgot to put in the database name. It now works!!! YAY

Im going to attempt to use the principals from this to rewrite the login code.


Code: Select all

  # If Magic Quotes are enabled, stripslashes()
   if(get_magic_quotes_gpc()) {
      $input = array(&$_GET, &$_POST, &$_COOKIE, &$_ENV, &$_SERVER);
      
      while(list($k, $v) = each($input)) {
        foreach($v as $key => $val) {
          if(!is_array($val)) {
            $input[$k][$key] = stripslashes($val);
            continue;
          }
          $input[] =& $input[$k][$key];
        }
      }
      unset($input);
    }
What is magic quotes? Also this just strips lashes correct?

Re: problems with a login/register script

Posted: Thu Apr 29, 2010 10:56 am
by flying_circus
Magic Quotes came about to auto escape certain characters that have meaning to the PHP language. For example, single and double quotes, backslash, and null.

If we asked a user to enter their name on a form, they would enter "Tim O'Reily". Magic Quotes would auto-escape this to "Tim O\`Reily" and then, by them time you add slashes prior to inserting into a query, it may be "Tim O\\`Reily" negating the escaping and leaving the possibility for injection.

Magic Quotes have been deprecated in PHP 5.3.0, so to keep your code backwards compatible, check if the magic_quotes_gpc directive is set to true, and if it is, strip slashes.

Re: problems with a login/register script

Posted: Thu Apr 29, 2010 11:17 am
by cwheel3915
Thank you a whole lot, you have been very helpful.