Thread: note 49724 deleted from function.addslashes by philip




2006-03-31 15:25:51
Note Submitter: caya 

----

Unfortunately magic quotes is the default and violates a
simple principle: what the user types is what you get.

If you want to follow that principle the following code
snippet may be useful:

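function stripDeep($v) {  // array-valued parameters are unescaped element by element
    return is_array($v) ? array_map('stripDeep', $v) : stripslashes($v);
}
function cleanData() {
    // undo magic quotes so the script sees what the user typed
    foreach ($_GET as $k => $v)
        $_GET[$k] = stripDeep($v);
    // likewise for $_POST, $_COOKIE
}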

...

if (get_magic_quotes_gpc()) {
    cleanData();
}

You will need to add this to every page... sorry. But this
is sometimes easier than convincing a webhosting company to
change the settings...(if you use a front-controller pattern
it's a lot easier...)

With this principle, you always have the real data in
memory.

When generating HTML, you may then need to call
htmlentities(...), as you are moving from the 'php data
world' to the 'html data world', but you are playing on
the safe side.

The same analysis applies to generating SQL sentences...

-- 
PHP Notes Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
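
The principle in the note above (keep the raw data in memory, encode only when crossing into HTML or SQL), as an added example that is not part of the original note or of the PHP manual. The function names, the sample input and the in-memory SQLite table are assumptions, and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Added example; raw_input(), strip_deep(), $submitted and the notes table
// are hypothetical names chosen for illustration.

// Recursively undo magic quotes so memory holds what the user typed.
function strip_deep($v) {
    return is_array($v) ? array_map('strip_deep', $v) : stripslashes($v);
}

function raw_input(array $source) {
    // get_magic_quotes_gpc() no longer exists in PHP 8, so test for it first.
    $quoted = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    return $quoted ? strip_deep($source) : $source;
}

// Constructed sample standing in for $_POST.
$submitted = array('author' => "O'Brien", 'body' => '<b>5 > 3</b> & "quotes"');
$in = raw_input($submitted);

// SQL boundary: bound parameters carry the raw value, so no addslashes()
// and no string concatenation into the statement.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (author TEXT, body TEXT)');
$stmt = $db->prepare('INSERT INTO notes (author, body) VALUES (?, ?)');
$stmt->execute(array($in['author'], $in['body']));

// What comes back from storage is the same raw data that went in.
$row = $db->query('SELECT author, body FROM notes')->fetch(PDO::FETCH_ASSOC);
var_dump($row['author'] === $submitted['author']);

// HTML boundary: encode only at the moment the value is written into markup.
echo '<p>', htmlentities($row['body'], ENT_QUOTES, 'UTF-8'), '</p>', "\n";
echo '<cite>', htmlentities($row['author'], ENT_QUOTES, 'UTF-8'), '</cite>', "\n";
```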
