...or if you don't know where it's going to end up and you don't know if you're
able to disable them you can use this function instead of addslashes() - which is
what I do:
// Bogdan Stancescu <[EMAIL PROTECTED]>, 2001
function gpc_slashes($unslashed)
{
if (phpversion()>=4) {
if (ini_get("magic_quotes_gpc")) {
return($unslashed);
} else {
return(addslashes($unslashed));
}
} else {
return(addslashes($unslashed));
}
}
Bogdan
Michael Sims wrote:
> > > Just curious, but why are you having to stripslashes() on the data coming
> > > out of the database? Do you have magic_quotes_runtime enabled on your
> > server?
> >
> >I honestly don't know... all I know is that I'm adding slashes on the
> >way into the database, and stripping them on the way out, because
> >without them, I was getting errors / slashes everywhere.
> >
> >It's a shared server at an ISP, so I don't have any real control. i
> >seem to be having the same "problem" on my office test server too (where
> >I DO have control, but I'm keen to keep both environments as close to
> >the same as possible.
>
> Normally the data INSIDE your database should not contain any slashes other
> than actual literal slashes. If your data INSIDE does contain slashes,
> they were most likely added a second time by mistake. This usually happens
> when you have a script that calls addslashes() on data being entered while
> at the same time having magic_quotes_gpc enabled. This means that
> magic_quotes_gpc performs an implicit addslashes() and your script is
> performing a additional, unnecessary addslashes() AGAIN.
>
> Another cause for this issue is that your server has magic_quotes_runtime
> enabled. If this setting is enabled, then ANY data from any external
> source will have addslashes() performed on it, including data that is
> returned from an SQL query.
>
> The first case is, IMHO, an actual problem, and the second case is merely a
> nuisance.
>
> In my opinion, is it MUCH easier to code your applications to assume that
> NEITHER magic_quotes_gpc or magic_quotes_runtime will be enabled. I've
> found it's much less confusing to manually addslashes() when I need to than
> to go around stripping them out because too many were added in the first
> place. And if you are ever afraid that your script might be used in an
> environment that has these settings enabled, you can always explicitly
> disable them by:
>
> ini_set("magic_quotes_gpc","off");
> ini_set("magic_quotes_runtime","off");
>
> Or if you use Apache and your script directory has an AllowOverride of at
> least Options, you can set the following in an .htaccess:
>
> php_flag magic_quotes_gpc off
> php_flag magic_quotes_runtime off
>
> Anyway...if you're curious as to which setting your ISP is using you can
> create a script that calls phpinfo() and read the output...
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
