Por qué no usarlas
I have discovered that my host doesn't like either of the following directives in the .htaccess file:
php_flag magic_quotes_gpc Off
php_value magic_quotes_gpc Off
However, there is another way to disable this setting even if you don't have access to the server configuration - you can put a php.ini file in the directory where your scripts are with the directive:
magic_quotes_gpc = Off
However, these does not propogate unlike .htaccess rules, so if you launch from a sub-directory, you need the php.ini file in each directory you have as script entry points.
Deshabilitar las comillas mágicas
Advertencia
Esta característica ha sido declarada OBSOLETA desde PHP 5.3.0. Su uso está totalmente desaconsejado.
La directiva magic_quotes_gpc sólo puede deshabilitarse en el sistema, y no en tiempo de ejecución. En otras palabras, no se puede utilizar ini_set().
Ejemplo #1 Deshabilitar comillas mágicas en el servidor
Ejemplo que establece un Off a estas directivas en php.ini. Para más detalles, lea la sección del manual titulada Cómo cambiar los ajustes de configuración.
; Magic quotes ; ; Magic quotes for incoming GET/POST/Cookie data. magic_quotes_gpc = Off ; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc. magic_quotes_runtime = Off ; Use Sybase-style magic quotes (escape ' with '' instead of \'). magic_quotes_sybase = Off
Si no es posible acceder a la configuración del servidor, también puede usar .htaccess. Por ejemplo:
php_flag magic_quotes_gpc Off
Si tuviera interés en implementar código portable (aquél que funciona en cualquier entorno), y no pudiera modificar la configuración en el servidor, aquí hay un ejemplo de cómo deshabilitar magic_quotes_gpc en tiempo de ejecución. Este método es ineficiente por lo que se recomienda establecer los valores apropiados para las directivas en otro lugar.
Ejemplo #2 Deshabilitar las comillas mágicas en tiempo de ejecución
<?php
if (get_magic_quotes_gpc()) {
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
while (list($key, $val) = each($process)) {
foreach ($val as $k => $v) {
unset($process[$key][$k]);
if (is_array($v)) {
$process[$key][stripslashes($k)] = $v;
$process[] = &$process[$key][stripslashes($k)];
} else {
$process[$key][stripslashes($k)] = stripslashes($v);
}
}
}
unset($process);
}
?>
add a note
User Contributed Notes
Deshabilitar las comillas mágicas - [7 notes]
stuart at horuskol dot co dot uk ¶
5 years ago
booboogotu at gmail dot com ¶
3 years ago
A php5 way:
<?php
if (get_magic_quotes_gpc()) {
function stripslashes_gpc(&$value)
{
$value = stripslashes($value);
}
array_walk_recursive($_GET, 'stripslashes_gpc');
array_walk_recursive($_POST, 'stripslashes_gpc');
array_walk_recursive($_COOKIE, 'stripslashes_gpc');
array_walk_recursive($_REQUEST, 'stripslashes_gpc');
}
?>
sunrunner20 ¶
6 years ago
If php_flag magic_quotes_gpc off does not work
Use php_value magic_quotes_gpc off
insteadin your .htaccess file
metala at metala dot org ¶
3 years ago
I have recently found out that magic quotes affects not only the values of the GPC arrays, but also the keys.
For now, my way to solve with the problem is:
<?php
if (get_magic_quotes_gpc()) {
function magicQuotes_awStripslashes(&$value, $key) {$value = stripslashes($value);}
$gpc = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
array_walk_recursive($gpc, 'magicQuotes_awStripslashes');
}
?>
Unfortunately it doesn't fix the keys... and cannot determinate if the slashes are already stripped.
Anonymous ¶
6 years ago
PHP's magic quotes function has the strange behavior of not adding slashes to top level keys in GPC key/value pairs but adding the slashes in deeper level keys. To demonstrate, a URI of:
example.php?a'b[c'd]=e'f
produces:
array("a'b" => array("c\'d" => "e\'f"))
The current example for removing magic quotes does not do anything to keys, so after running stripslashes_deep, you would end up with:
array("a'b" => array("c\'d" => "e'f"))
Which, needless to say, is wrong. As if you had magic quotes off, it would have been:
array("a'b" => array("c'd" => "e'f"))
I have written a snippet of code compatible with PHP 4.0.0 and above that handles this correctly:
if (get_magic_quotes_gpc()) {
function undoMagicQuotes($array, $topLevel=true) {
$newArray = array();
foreach($array as $key => $value) {
if (!$topLevel) {
$key = stripslashes($key);
}
if (is_array($value)) {
$newArray[$key] = undoMagicQuotes($value, false);
}
else {
$newArray[$key] = stripslashes($value);
}
}
return $newArray;
}
$_GET = undoMagicQuotes($_GET);
$_POST = undoMagicQuotes($_POST);
$_COOKIE = undoMagicQuotes($_COOKIE);
$_REQUEST = undoMagicQuotes($_REQUEST);
}
rdk ¶
6 years ago
The function parse_str() (http://us3.php.net/manual/en/function.parse-str.php) is also affected by magic_quotes_gpc, so if that function is called anywhere, stripslashes_deep won't be sufficient by itself.
dedlfix ¶
6 years ago
The function stripslashes_deep() ignores slashes in the keys
For example a query string like this: ?foo'bar=baz'bal
Output of var_dump($_GET) is:
array(1) {
["foo\'bar"]=>
string(8) "baz\'bal"
}
after stripslashes_deep():
array(1) {
["foo\'bar"]=>
string(7) "baz'bal"
}
If you want the keys to be stripslashed too, you have to unset() the addslahed key and to add a stripslashed version. But keep in mind that this will change the order of the array.