Hi,
I know and understand what magic quotes does, but have never written any of my scripts to check whether magic quotes is on or not; and if on stripslashes() .
I thought it was time that i do this check incase any of the scripts i create are used on a server that has magic quotes on. i sanitize user input myself and i find if magic quotes is on it's just problematic.
Problem i have is the understanding of checking if magic quotes is on and if so stripslashes().
I placed the below code above a script that contains a form that displays it on a webpage and also inserts it into a database.
if($_SERVER['REQUEST_METHOD'] == $_POST && ini_get('magic_quotes_gpc')) {
stripslashes($_POST);
}My form uses the $_POST method so i thought by adding this to the top of my script that all data sent by the post method will have slashes stripped if magic quotes is on. I delibrately turned magic quotes on, on my local machine but yet data is still being escaped by magic quotes.
Obviously my $_POST data is stored in variables with different variable names so i don't want to check each variable individually as this means altering all my code and having bloated code that is not needed.
Can someone please tell me what i need to be doing exactly to make all data that is sent by the $_POST method and have magic quotes on to strip slashes without having to alter all my code in my scripts. I see so many examples on the php.net website but can't seem to figure out why i can't get it to work with my own scripts.
So what i want to say to php is:
if magic quotes is on stripslashes from all $_POST data and $_GET data
Thanks,
PHPLOVER