When you make a PHP script, but you do not know how PHP is configured on the server the script is being executed on, you might not know whether or not to add or strip quotes from get and post data. Notice that the $_FILES array is not affected by magic quotes.
Warning: one should handle slashes on keys also, not only values. See first comment.
Here is a script that strips away magic quotes, if they were added:
- < ?
- if(get_magic_quotes_gpc()) {
- function undo_magic_quotes($array) {
- return is_array($array) ? array_map('undo_magic_quotes', $array) : stripslashes($array);
- }
- $_GET = undo_magic_quotes($_GET);
- $_POST = undo_magic_quotes($_POST);
- $_COOKIE = undo_magic_quotes($_COOKIE);
- $_REQUEST = undo_magic_quotes($_REQUEST);
- }
- ?>
And likewise, here is a script that adds magic quotes, if they were not already applied:
Continue reading