Skip to main content

Escaping quotes - moving from PHP4 to PHP5

Image
By User



I've inherited a php4 site that needs to run on my PHP5 Server, I've solved most of the issues but can't figure out what the author was trying to do here. Well, to be precise, he was tring to quote the submitted text but I'm not sure how this function is supposed to work and how I should do it in PHP5?







# Function to safely add slashes when magic quotes is switched off



function safe_slash($string)

{

  if (!get_magic_quotes_gpc())

  {

    $string = addslashes($string);

  }



  return $string;

}




Labels:

Comments

  1. Tips For AllFebruary 15, 2012 at 2:12 AM

    By default PHP4 has an option in PHP.ini turned on called magic_quotes_gpc, it will addslashes to all $_POST/$_GET variables.

    That code simply checks if the value magic_quotes_gpc is turned off, if it is it will addslashes to the $string passed in.

    It should work in PHP4 and PHP5 (in PHP6 magic_quotes_gpc is going to be removed I believe). It's not recommended to rely on though, it was initially for 'protecting' against SQL injection but it has been found to be inadequate.

    ReplyDelete
  2. Tips For AllFebruary 15, 2012 at 2:12 AM

    $_POST = self::addSlashesRecursive($_POST);
    $_GET = self::addSlashesRecursive($_GET);
    $_COOKIE = self::addSlashesRecursive($_COOKIE);

    function addSlashesRecursive($s)
    {
    if (get_magic_quotes_gpc()) {
    return $s;
    }
    if (is_string($s)) {
    return addslashes($s);
    } else if (is_array($s)) {
    return array_map(array('addSlashesRecursive'), $s);
    }
    return $s;
    }


    But for my mind it will be better to change your code. In PHP6 magic_quotes will be removed at all.

    ReplyDelete

Post a Comment

Popular posts from this blog

Why is this Javascript much *slower* than its jQuery equivalent?

By User
I have a HTML list of about 500 items and a "filter" box above it. I started by using jQuery to filter the list when I typed a letter (timing code added later): $('#filter').keyup( function() { var jqStart = (new Date).getTime(); var search = $(this).val().toLowerCase(); var $list = $('ul.ablist > li'); $list.each( function() { if ( $(this).text().toLowerCase().indexOf(search) === -1 ) $(this).hide(); else $(this).show(); } ); console.log('Time: ' + ((new Date).getTime() - jqStart)); } ); However, there was a couple of seconds delay after typing each letter (particularly the first letter). So I thought it may be slightly quicker if I used plain Javascript (I read recently that jQuery's each function is particularly slow). Here's my JS equivalent: document.getElementById('filter').addEventListener( 'keyup', function () { var jsStart = (new Date).getTime()...
3 comments
Read more

Is it possible to have IF statement in an Echo statement in PHP

By User
Thanks in advance. I did look at the other questions/answers that were similar and didn't find exactly what I was looking for. I'm trying to do this, am I on the right path? echo " <div id='tabs-".$match."'> <textarea id='".$match."' name='".$match."'>". if ($COLUMN_NAME === $match) { echo $FIELD_WITH_COLUMN_NAME; } else { } ."</textarea> <script type='text/javascript'> CKEDITOR.replace( '".$match."' ); </script> </div>"; I am getting the following error message in the browser: Parse error: syntax error, unexpected T_IF Please let me know if this is the right way to go about nesting an IF statement inside an echo. Thank you.
5 comments
Read more