
magic_quotes_gpc(runtime, sybase)

Posted: Fri Sep 03, 2010 12:08 pm
by miki86
Hi everyone.
Since I'm using WAMP server on my Windows PC and I have access to php.ini, the default values for magic_quotes_gpc, magic_quotes_runtime and magic_quotes_sybase are set to off, which I can change. Can anyone tell me what I should keep in mind while processing a form on another server?
Currently I'm checking for magic_quotes_gpc; should I check for runtime and sybase also?

Code:

// Handle the registration form; $action is compared with ==, not assigned with =
if(($_SERVER['REQUEST_METHOD'] == 'POST') && ($action == "newuser")) {
	if(isset($_POST['register'])) {
		if(!get_magic_quotes_gpc()) {
			// magic_quotes_gpc is off: add the slashes manually
			$_SESSION['username'] = addslashes($_POST['username']);
			$_SESSION['password'] = sha1(addslashes($_POST['password1']));
			$_SESSION['email'] = addslashes($_POST['email1']);
			$_SESSION['location'] = addslashes($_POST['location']);
			$_SESSION['sex'] = addslashes($_POST['sex']);
			$_SESSION['age'] = addslashes($_POST['age']);
		}
		else {
			// magic_quotes_gpc is on: the values arrive already slashed
			$_SESSION['username'] = $_POST['username'];
			$_SESSION['password'] = sha1($_POST['password1']);
			$_SESSION['email'] = $_POST['email1'];
			$_SESSION['location'] = $_POST['location'];
			$_SESSION['sex'] = $_POST['sex'];
			$_SESSION['age'] = $_POST['age'];
		}
	}
}
Thanks.

Re: magic_quotes_gpc(runtime, sybase)

Posted: Tue Sep 07, 2010 6:23 am
by Mordred
What you are trying to do with this code is replicate the behaviour of magic_quotes.
What you should be trying to do is to check if it's enabled, so you can revert the changes it has made to your GPC variables. Then, use proper escaping of everything you put into dynamic SQL queries, regardless of where it comes from.
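
Added example, not part of the thread: one way to do what this reply describes, undoing magic_quotes_gpc when it is on and then passing the values to SQL through bound parameters (used here in place of manual escaping). The helper names, the in-memory SQLite `users` table (requires the pdo_sqlite extension) and the sample input are assumptions constructed for illustration.

```php
<?php
// Added example; helper names, table and sample values are constructed.

// Strip the escaping that magic_quotes_gpc added (values may be nested arrays).
// On PHP versions that have magic_quotes_sybase, stripslashes() honours it
// (it collapses '' to ' instead of removing backslashes), so no extra check.
function undo_magic_quotes($value)
{
    return is_array($value)
        ? array_map('undo_magic_quotes', $value)
        : stripslashes($value);
}

// Magic quotes were removed in PHP 5.4, so only ask on older versions.
function magic_quotes_active()
{
    return PHP_VERSION_ID < 50400 && get_magic_quotes_gpc();
}

// Return request data as the user actually typed it.
function raw_input(array $input, $quoted)
{
    return $quoted ? undo_magic_quotes($input) : $input;
}

// Constructed input, as a server with magic_quotes_gpc=On would deliver it.
$post = array('username' => 'O\\\'Brien', 'location' => 'King\\\'s Lynn');

// In a real request: raw_input($_POST, magic_quotes_active())
$data = raw_input($post, true);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT, location TEXT)');

// Bound parameters: the driver handles quoting, whatever the data's source.
$stmt = $pdo->prepare(
    'INSERT INTO users (username, location) VALUES (:username, :location)'
);
$stmt->execute(array(
    ':username' => $data['username'],
    ':location' => $data['location'],
));

// The stored values contain the apostrophes and no stray backslashes.
$row = $pdo->query('SELECT username, location FROM users')->fetch(PDO::FETCH_ASSOC);
echo $row['username'], ' / ', $row['location'], "\n";
```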

Re: magic_quotes_gpc(runtime, sybase)

Posted: Tue Sep 07, 2010 10:56 am
by pickle
I only check magic_quotes_gpc(), but I only run my code on servers I control, so maybe I should be checking magic_quotes_runtime() as well. I think you only need to check the *_sybase() quotes if you're running a Sybase database.

Re: magic_quotes_gpc(runtime, sybase)

Posted: Tue Sep 21, 2010 12:46 am
by pkphp
Oooops, I need this again. Thank you very much.