Magic quotes (get_magic_quotes_gpc()) comes with PHP. When turned on it will escape incoming (Through GET or POST) quotes using a backslash.
This function will automatically filter out the slashes that are automatically added if you have magic quotes turned on.
| PHP Code |
|---|
<?php
function stripMagicQuotes($iS)
{
if (!is_array($iS))
{
return stripslashes($iS);
}
else
{
return array_map('stripMagicQuotes', $iS);
}
}
?>
|
| Select all |
The stripMagicQuotes function checks to see if it isnt an array, and strips the slashes. If it's not an array we make it array so it will return true next time.
| PHP Code |
|---|
<?php
if (get_magic_quotes_gpc())
{
$_GET = stripMagicQuotes($_GET);
$_POST = stripMagicQuotes($_POST);
}
?>
|
| Select all |
We check if magic quotes is enabled and if it is, then it will strip all $_GET and $_POST's of incoming slashes.
| PHP Code |
|---|
<?php
function stripMagicQuotes($iS)
{
if (!is_array($iS))
{
return stripslashes($iS);
}
else
{
return array_map('stripMagicQuotes', $iS);
}
}
if (get_magic_quotes_gpc())
{
$_GET = stripMagicQuotes($_GET);
$_POST = stripMagicQuotes($_POST);
}
?>
|
| Select all |
To stripMagicQuotes($_POST['username']) for example, just include this function into any page you want them to be filtered and will work fine.
Nobody posted any comments regarding this story. Be the first!
Discuss