| Article: | Ten Security Checks for PHP, Part 1 |
| Subject: | magic quotes |
| Date: | 2003-03-26 09:51:33 |
| From: | melvyn |

Response to: magic quotes

This is easily done by using the following function (you could even extend it with a second argument, say "$which='gpc'"):

===========
function safe_addslashes($string)
{
    // Cache the magic_quotes_gpc setting across calls.
    static $setting;
    if (empty($setting)) {
        $setting = (get_magic_quotes_gpc()) ? 'yup' : 'nope';
    }
    // With magic_quotes_gpc on, the input is already escaped.
    return ($setting == 'yup') ? $string : addslashes($string);
}
===========

And its counterpart:

===========
function safe_stripslashes($string)
{
    // Cache the magic_quotes_gpc setting across calls.
    static $setting;
    if (empty($setting)) {
        $setting = (get_magic_quotes_gpc()) ? 'yup' : 'nope';
    }
    // Only strip slashes that magic_quotes_gpc actually added.
    return ($setting == 'yup') ? stripslashes($string) : $string;
}
===========

Using a simple find/sed|perl combination you can change all calls to add|stripslashes in your files relatively easily and can switch the magic_quotes_gpc option on and off at will, without this affecting security or output.
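
The find/sed step mentioned at the end of the post, as an added example (not part of the original post): it rewrites raw `addslashes()`/`stripslashes()` calls to the `safe_*` wrappers and skips the file that defines the wrappers, which must keep its raw calls. The names `rewrite_file` and `rewrite_tree` are this example's own; the rewrite is textual, so matches inside strings and comments change too and the resulting diff should be reviewed.

```shell
#!/bin/sh
# Added example: rewrite raw addslashes()/stripslashes() calls to the
# safe_* wrappers. Function names below are assumptions of this example.

# A call not preceded by an identifier character, ">", ":" or "$", so
# safe_addslashes(), $o->addslashes() and my_stripslashes() are left alone.
CALL_RE='(^|[^A-Za-z0-9_>:$])(addslashes|stripslashes)[[:space:]]*\('

# rewrite_file FILE: returns 0 if the file was changed, non-zero otherwise.
rewrite_file() {
    f=$1
    # The file that defines the wrappers must keep its raw calls,
    # otherwise safe_addslashes() would end up calling itself.
    if grep -Eq 'function[[:space:]]+safe_(add|strip)slashes' "$f"; then
        return 1
    fi
    # Nothing to rewrite (also makes a second run a no-op).
    grep -Eq "$CALL_RE" "$f" || return 1
    tmp=$(mktemp) || return 2
    # Loop (":a ... ta") instead of the g flag: in nested calls such as
    # addslashes(stripslashes($x)) the inner call's leading "(" belongs to
    # the previous match, so a single g pass would miss it.
    sed -E -e ':a' -e "s/$CALL_RE/\\1safe_\\2(/" -e 'ta' "$f" > "$tmp" &&
        cat "$tmp" > "$f"   # cat into place keeps the file's mode and owner
    rm -f "$tmp"
    return 0
}

# rewrite_tree DIR: process every *.php file under DIR, print changed ones.
rewrite_tree() {
    find "$1" -type f -name '*.php' | while IFS= read -r f; do
        if rewrite_file "$f"; then
            printf 'rewrote %s\n' "$f"
        fi
    done
}
```

Call `rewrite_tree /path/to/project` on a working copy under version control so the changes can be inspected before they are committed.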
