php中的魔术报价Gpc的解决方法

Question

The servers have magic quotes on and it cannot be turned off for some reason.....now stripslashes would remove all the slashes added by magic quotes,but if user has put slashes in the input field(we are allowing slashes), the stripslashes would remove that as well.

I am trying for a regex which would remove the slashes only if it is preceded by {',",}....

Any help would be appreciated.

Answer 1

I use this code in config file:

// remove slashes, if they are being automatically added
if ( get_magic_quotes_gpc () ) {
    $_GET    = array_map('stripslashes', $_GET);
    $_POST   = array_map('stripslashes', $_POST);
    $_COOKIE = array_map('stripslashes', $_COOKIE);
    $_REQUEST = array_map('stripslashes', $_REQUEST); // see ThiefMaster's comment
}

That's the only place where I have to worry about slashes. In all other places I can safely assume that there are no "magic quotes".

Though, stripslashes() does not work with arrays, so if you expect to have arrays as values in $_GET, $_POST or $_COOKIE (in public web pages/systems, you DO expect to have arrays), this function might be used as a callback:

function stripslashes_recursive($value) {
    if ( is_array($value) ) {
        return array_map(__FUNCTION__, $value);
    }
    return stripslashes($value);
}

---

PHP 5.3 users might use a closure as a callback:

$stripslashes = function($value) use(&$stripslashes) {
    if ( is_array($value) ) {
        return array_map($stripslashes, $value);
    }
    return stripslashes($value);
};

This won't pollute a global scope with additional function ( stripslashes_recursive() ).