PHP6, Magic quotes & the “best practice“

7/24/2007 12:30:00 AM | Permanent Link | Comments (4)
All the code that was employing the considered “best practice“ for Magic Quotes in PHP, apparently fails when it comes to PHP6, since magic quotes has been officially removed from the sources; a good thing, of course. I discovered this as we moved to a new version of PHP @ work.

So an updated version of what I think would be “best practice“, and backwards compatible.

<?php
function stripslashes_deep($value)
{
$value = is_array($value) ?
array_map('stripslashes_deep', $value) :
stripslashes($value);
return $value;
}

if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
$_GET = stripslashes_deep($_GET);
$_POST = stripslashes_deep($_POST);
$_COOKIE = stripslashes_deep($_COOKIE);
$_REQUEST = stripslashes_deep($_REQUEST);
}

[ 4 Comments ]

Mukul Sabharwal is an engineering student at Iowa State University and writes software for a living.

Comments (Add Comment)

4 comment(s)

why not have only stripslashes? why need deep?

nice tip

The deep is used for arrays and recursive calls to strip them too. So for like multi-select boxes

Hopefully they'll wisen up and restore the same function that just returns false.

Archives

RSS for mjsabby.com CSS2 Valid XHTML 1.0 Strict Valid

A trip down memory lane; help yourself, and go browsing my older posts ...

Elsewhere

Advertisement