config codes

karthikanov24 · October 25, 2009

hi

This code is about configuration...

Could you explain the following codes...

if (!get_magic_quotes_gpc()) {
if (isset($_POST)) {
	foreach ($_POST as $key => $value) {
		$_POST[$key] =  trim(addslashes($value));
	}
}

if (isset($_GET)) {
	foreach ($_GET as $key => $value) {
		$_GET[$key] = trim(addslashes($value));
	}
}	
}

thanks

karthikanov24

trq · October 25, 2009

If that code is in the app your using, stop using it.

It checks if the now deprecated get_magic_quotes_gpc is enabled and if not, does what it would do if it where (adds slashes to all data within your $_POST and $_GET arrays).

karthikanov24 · October 25, 2009

hi

what is the use of addslahes here...

thanks

karthikanov24

trq · October 25, 2009

addslashes used to be helpful when passing data to a database query as it would help escape quotes properly.

However, get_magic_quotes_gpc and the code above adds slashes to all input, regardless of whether or not its going to be used within a database query. This is never a good approach.

Besides, there are much better ways of cleaning data these days. mysql_real_escape_string for one.

karthikanov24 · October 25, 2009

hi

foreach() works only for array...

Here whether $_POST is array?...if so where is it initialised as array.....?

thanks

karthikanov24

trq · October 25, 2009

$_POST is a built in array holding any data sent via http's post method.

Sign In

config codes

Recommended Posts

karthikanov24

Link to comment

Share on other sites

trq

Link to comment

Share on other sites

karthikanov24

Link to comment

Share on other sites

trq

Link to comment

Share on other sites

karthikanov24

Link to comment

Share on other sites

trq

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information