Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 11 of 11
  1. #1
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,383
    Thanks
    264
    Thanked 32 Times in 31 Posts

    magic quotes question

    So im guessing since set magic quotes is no longer available as of php5.4 i can just remove most of this entirely?


    PHP Code:
    if (get_magic_quotes_gpc() && is_string($get_value))
          {
          
    $get_value stripslashes($get_value);
          }
          
    set_magic_quotes_runtime(0);
          
    $get_value is_string($get_value) ? mysqli_real_escape_string($myconnect$get_value) : $get_value
    and just convert it to this


    PHP Code:

    if (get_magic_quotes_gpc() && is_string($get_value)) 
          {
          
    $get_value stripslashes($get_value);
          }
          
          
    $get_value is_string($get_value) ? mysqli_real_escape_string($myconnect$get_value) : $get_value
    Last edited by durangod; 02-06-2013 at 11:03 AM. Reason: sorry i meant set magic quotes not get magic quotes but still same issue

  • #2
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,332
    Thanks
    60
    Thanked 526 Times in 513 Posts
    Blog Entries
    4
    Quote Originally Posted by durangod View Post
    So im guessing since set magic quotes is no longer available as of php5.4 i can just remove most of this entirely?


    PHP Code:
    if (get_magic_quotes_gpc() && is_string($get_value))
          {
          
    $get_value stripslashes($get_value);
          }
          
    set_magic_quotes_runtime(0);
          
    $get_value is_string($get_value) ? mysqli_real_escape_string($myconnect$get_value) : $get_value
    and just convert it to this


    PHP Code:

    if (get_magic_quotes_gpc() && is_string($get_value)) 
          {
          
    $get_value stripslashes($get_value);
          }
          
          
    $get_value is_string($get_value) ? mysqli_real_escape_string($myconnect$get_value) : $get_value
    Erm I dunno if you realised or not but converting the first code to the other would be pointless - they're the same

    As for the get_magic_quotes_gpc(), I'd be interested to know if that function will still exist. I would think it would for backwards compatibility but I've not the vaguest idea where to look to find out. Fou is much more into the latest PHP developments than most so he will be certain to know.

    Edit:
    Whoops just realised the difference, you're using set_magic_quotes_runtime(0) in the first code - doh!
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #3
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,383
    Thanks
    264
    Thanked 32 Times in 31 Posts
    yeah i had to change my post before cause i got turned around too..

    But what i was thinking is that since

    PHP Code:
    set_magic_quotes_runtime(0); 
    is being removed then shortly after

    PHP Code:
    get_magic_quotes_gpc() 
    will go bye bye as well.

    And that changes that whole statment in my post, i would rather make the change now then have to redo this later when they both are gone, i just dont know what to use instead.
    Last edited by durangod; 02-06-2013 at 12:12 PM.

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Best I can tell, get_magic_quotes_gpc will persist. At least for now. set_magic_quotes_runtime is gone.
    So ultimately, that is a pain.
    You do not require it if you do not share your code AND you are on 5.4+. If you do share your code, you still require it, and then some:
    PHP Code:
    if (get_magic_quotes_gpc() && is_string($get_value))
          {
          
    $get_value stripslashes($get_value);
          }
        if (
    function_exists('set_magic_quotes_runtime'))
        {
            
    set_magic_quotes_runtime(0);
        }
          
    $get_value is_string($get_value) ? mysqli_real_escape_string($myconnect$get_value) : $get_value
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • Users who have thanked Fou-Lu for this post:

    durangod (02-06-2013)

  • #5
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,383
    Thanks
    264
    Thanked 32 Times in 31 Posts
    Nicely done Fou-Lu

    PHP Code:
    if (function_exists('set_magic_quotes_runtime')) 
    That is such a perfect solution for now. I didnt think outside the box on that one. Great job...

  • #6
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Yep.
    Another way is to reflect it. I personally like reflection:
    PHP Code:

    try
    {
        
    $rf = new ReflectionFunction('set_magic_quotes_runtime');
        
    $rf->invoke(0);
    }
    catch (
    Exception $ex)
    {
        
    trigger_error($ex->getMessage(), E_USER_WARNING);

    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #7
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,383
    Thanks
    264
    Thanked 32 Times in 31 Posts
    Well we did try Fou-Lu, but unfortunately even with the if function exists i still get the deprecated message in my log files. And i dont like messages in my log files lol.. So i just removed the 'set_magic_quotes_runtime' all together. Good try though

  • #8
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    That will happen anyways, so long as you are calling it. There isn't a way other than reflection to determine if it is deprecated (reflection can tell you), so as soon as you call it it will trigger an E_DEPRECATED level error. And currently you would need to call it if you are on < 5.4. You can also scan for get_magic_quotes_runtime first, which will return false in > 5.4 or when disabled. That could be used in conjunction with function_exists or reflection to see if it should even bother calling set_magic_quotes_runtime (which in the past never mattered since you'd always want to disable it).

    You can disable that by setting the E_DEPRECATED level off (ie: E_ALL ^ E_DEPRECATED), but I'm trying to recall if it will still log it regardless. You can try to set that in the php.ini to see if that removes it from logs. Personally I prefer all errors in log regardless of what they are.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • #9
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,383
    Thanks
    264
    Thanked 32 Times in 31 Posts
    any reason you see that i cant do this.. this is inside a php function.

    PHP Code:
         //temp turn off error reporting for this one deprecated value.
         
    error_reporting(E_ALL E_DEPRECATED);

         if (
    function_exists('set_magic_quotes_runtime'))
         {
          
    set_magic_quotes_runtime(0);
          }

        
    //set error control back to normal
        
    error_reporting(E_ALL); 

  • #10
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Yeah, if you do that you'll always end up with E_ALL after the function call regardless of what the program has set for its error reporting.
    If you are intent on doing so than you should capture the existing reporting first:
    PHP Code:
    $iCur error_reporting(error_reporting() ^ E_DEPRECATED);
    ...
    error_reporting($iCur); 
    Although you may as well just use the get_magic_quotes_runtime call to check it. This function has not been deprecated.

    Edit:
    Actually that won't work. If you have no E_DEPRECATED set, it will go ahead and set it.
    Lets see if I can get it right.
    PHP Code:
    $iCur error_reporting((error_reporting() ^ E_DEPRECATED) & error_reporting()); 
    Mask it after setting it, yeah that should disable it even if it already is.

    Edit:
    Oh yeah and another though. You can try simply adding the suppressor to the set_magic_quotes_runtime. I don't know for sure if that will work with E_DEPRECATED, and I don't know for sure if it doesn't log it anyway. You can give that a try and see the result.

    Last edited by Fou-Lu; 02-07-2013 at 01:55 PM.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • Users who have thanked Fou-Lu for this post:

    durangod (02-07-2013)

  • #11
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,383
    Thanks
    264
    Thanked 32 Times in 31 Posts
    Quote Originally Posted by Fou-Lu View Post
    Lets see if I can get it right.
    PHP Code:
    $iCur error_reporting((error_reporting() ^ E_DEPRECATED) & error_reporting()); 
    I did find that the supressor does not work in that fashion but good news The above works. I added it before the set magic quotes call and then to test it, i ran a few pages that call that function with E_ALL reporting on those pages and nothing came up..


    Seems as though it works. Nice thanks Fou-Lu..


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •