12-27-2007, 08:54 AM
For some reason I've to run set_magic_quotes_runtime(1)(I know the risk), but it doesn't work in my server.
For the code
print 'get_gpc : '.ini_get("magic_quotes_gpc");
print '<br/>set mq : '.set_magic_quotes_runtime(1);
print '<br/>get mq : '.get_magic_quotes_gpc(void);
get_gpc : 1
set mq : 1
get mq : 1 in my local server, but
set mq : 1
get mq : 0
in my original server.
12-27-2007, 10:09 AM
magic_quotes_runtime and magic_quotes_gpc are two different things. You might be looking for get_magic_quotes_runtime() (http://php.net/get_magic_quotes_runtime), but it is being turned on according to your output:
print '<br/>set mq : '.set_magic_quotes_runtime(1); // set mq : 1 is returned
12-27-2007, 04:13 PM
Thanks, For the time being,I solved out by writing a foreach loop on all POST values to addslashes.
(And started to rewrite the entire code ;))
12-27-2007, 06:32 PM
I believe I saw posted comments from a php.net meeting where magic quotes have been removed in php6. Don't depend on magic quotes to do anything in your code for you as your code will probably stop working and need to be rewritten under php6.
See this link (and the link to the php.net address it contains) - http://www.bhsdesign.com/forums.php?m=posts&p=9087
magic quotes was another lazy way short cut, like register globals, of getting the php language to do something that the programmer should have been doing himself and only when he wanted it to be done that have caused more problems and wasted code to detect and work-a-round than what they were worth.
If you are using a database, you should be using mysql_real_escape_string() instead of addslashes().
12-28-2007, 03:50 PM
Thanks, that's an eye opener and I've gone through various links like
addslashes() vs mysql_real_escape_string()...the final debate PHP (www.sitepoint.com/forums/showthread.php?t=337881) and their sublinks. All of them will definitely help me to improve in these areas.