sigmasternchen/php-doc-en
1
0
Fork 0
mirror of https://github.com/sigmasternchen/php-doc-en synced 2025-03-29 23:38:56 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
php-doc-en/reference/info/functions/get-magic-quotes-gpc.xml
Aidan Lister f01da4d71d Updated example to handle "deep" arrays 
git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@162778 c90b9560-bf6c-de11-be94-00142212c4b1
2004-07-06 22:42:47 +00:00

121 lines
3.7 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="iso-8859-1"?>
<!-- $Revision: 1.10 $ -->
<!-- splitted from ./en/functions/info.xml, last change in rev 1.2 -->
<refentry id="function.get-magic-quotes-gpc">
<refnamediv>
<refname>get_magic_quotes_gpc</refname>
<refpurpose>
Gets the current configuration setting of magic quotes gpc
</refpurpose>
</refnamediv>
<refsect1>
<title>Description</title>
<methodsynopsis>
<type>int</type><methodname>get_magic_quotes_gpc</methodname>
<void/>
</methodsynopsis>
<simpara>
Returns the current configuration setting of <link
linkend="ini.magic-quotes-gpc">magic_quotes_gpc</link> (0 for
off, 1 for on).
</simpara>
<note>
<para>
If the directive <link linkend="ini.magic-quotes-sybase">
magic_quotes_sybase</link> is ON it will completely
override <parameter>magic_quotes_gpc</parameter>. So even
when <function>get_magic_quotes</function> returns
&true; neither double quotes, backslashes or NUL's will
be escaped. Only single quotes will be escaped. In this
case they'll look like: <emphasis>''</emphasis>
</para>
</note>
<simpara>
Keep in mind that the setting <link linkend="ini.magic-quotes-gpc">
magic_quotes_gpc</link> will not work at runtime.
</simpara>
<para>
<example>
<title><function>get_magic_quotes_gpc</function> example</title>
<programlisting role="php">
<![CDATA[
<?php
echo get_magic_quotes_gpc(); // 1
echo $_POST['lastname']; // O\'reilly
echo addslashes($_POST['lastname']); // O\\\'reilly
if (!get_magic_quotes_gpc()) {
$lastname = addslashes($_POST['lastname']);
} else {
$lastname = $_POST['lastname'];
}
echo $lastname; // O\'reilly
$sql = "INSERT INTO lastnames (lastname) VALUES ('$lastname')";
?>
]]>
</programlisting>
</example>
</para>
<para>
In the interests of writing portable code (code that works
in any enviroment), or, if you do not have access to change
php.ini, you may wish to disable the effects of magic quotes
on a per-script basis. This can be done in two ways, with a
directive in a .htaccess file (php_value magic_quotes_gpc 0),
or by adding the below code to the top of your scripts.
<example>
<title>Disabling magic quotes at runtime</title>
<programlisting role="php">
<![CDATA[
<?php
if (get_magic_quotes_gpc()) {
function stripslashes_deep($value)
{
$value = is_array($value) ?
array_map('stripslashes_deep', $value) :
stripslashes($value);
return $value;
}
$_POST = array_map('stripslashes_deep', $_POST);
$_GET = array_map('stripslashes_deep', $_GET);
$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
}
]]>
</programlisting>
</example>
Magic-quotes was added to reduce code written by beginners from being dangerous.
If you disable magic quotes, you must be very careful to protect yourself from
SQL injection attacks.
</para>
<simpara>
See also <function>addslashes</function>,
<function>stripslashes</function>,
<function>get_magic_quotes_runtime</function>, and
<function>ini_get</function>.
</simpara>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"../../../../manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->
Reference in a new issue View git blame Copy permalink