Coding Critique is the place to post source code for peer review by other members of DevNetwork. Any kind of code can be posted. Code posted does not have to be limited to PHP. All members are invited to contribute constructive criticism with the goal of improving the code. Posted code should include some background information about it and what areas you specifically would like help with.
Popular code excerpts may be moved to "Code Snippets" by the moderators.
It's still necessary to make code portable and account for those setups which have magic quotes gpc enabled. I've been using this function for.. who knows how long. But perhaps it could be improved? I also offer it to share with other folks.
True definition of a snippet. =] I include it in a page that gets included on every page (like a db_connect.php or something). Probably should find a setup that allows for it to be in a permanent location.
if (get_magic_quotes_gpc())
{
$gpc = array('_GET', '_POST', '_COOKIE');
foreach ($gpc AS $sg)
{
if (!empty(${$sg}))
{
foreach (${$sg} AS $k => $v)
{
${$sg}[$k] = stripslashes($v);
}
}
}
}
Last edited by Weirdan on Sat Apr 19, 2008 10:32 am, edited 1 time in total.
Reason:php tags
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Zoxive wrote:I would rather just use a .htaccess file.
Saves the overhead of trying to have php fix the problem during execution.
It's hardly any overhead at all, and applications that require the use of GPC data (such as frameworks and CMS apps), it's good to handle it within the application so that it can be used on any server (even non-Apache servers) without worry.
& what if there is a 2-d array? Good point though - I'm sure the solution will involve either recursion or passing-by-reference somehow - but it's too early in the morning for me to think it through
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
seppo0010:
while I agree keys is good ot be escaped...in my opinion it is totally up to dev for this to cause problem..meaning who will ever want to use
such weird keys...and if passed with form spoof...they are just not used anyway....
Thats why I think this is not necessary...but I could be missing good reason ot espcape keys too.
~pickle | Please use [ code=html ], [ code=php ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums to learn how to do it too.
if (version_compare(phpversion(), 6) === -1) {
if (get_magic_quotes_gpc()) {
function stripinputslashes(&$input) {
if (is_array($input)) {
foreach ($input as $key => $value) {
$input[$key] = stripinputslashes($value);
}
}
else {
$input = stripslashes($input);
}
return true;
}
array_walk_recursive($_GET, 'stripinputslashes');
array_walk_recursive($_POST, 'stripinputslashes');
array_walk_recursive($_REQUEST, 'stripinputslashes');
}
}
~pickle | Please use [ code=html ], [ code=php ], etc tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: Posting Code in the Forums to learn how to do it too.