|
|
|
The magic_quotes_gpc
directive may only be disabled at the system level, and not at
runtime. In otherwords, use of ini_set() is not
an option.
Example 31-1. Disabling magic quotes server side
An example that sets the value of these directives to
Off in php.ini. For additional details, read the
manual section titled How to
change configuration settings.
; Magic quotes
;
; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off
; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off
; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off |
If access to the server configuration is unavailable, use of
.htaccess is also an option. For example:
php_flag magic_quotes_gpc Off |
|
In the interest of writing portable code (code that works in any
environment), like if setting at the server level is not possible,
here's an example to disable
magic_quotes_gpc at runtime. This method is inefficient so
it's preferred to instead set the appropriate directives elsewhere.
Example 31-2. Disabling magic quotes at runtime <?php
if (get_magic_quotes_gpc()) {
function stripslashes_deep($value)
{
$value = is_array($value) ?
array_map('stripslashes_deep', $value) :
stripslashes($value);
return $value;
}
$_POST = array_map('stripslashes_deep', $_POST);
$_GET = array_map('stripslashes_deep', $_GET);
$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}
?> |
|
|
|
|
Why not to use Magic Quotes
