karthikanov24 Posted October 25, 2009 Share Posted October 25, 2009 hi This code is about configuration... Could you explain the following codes... if (!get_magic_quotes_gpc()) { if (isset($_POST)) { foreach ($_POST as $key => $value) { $_POST[$key] = trim(addslashes($value)); } } if (isset($_GET)) { foreach ($_GET as $key => $value) { $_GET[$key] = trim(addslashes($value)); } } } thanks karthikanov24 Quote Link to comment https://forums.phpfreaks.com/topic/178914-config-codes/ Share on other sites More sharing options...
trq Posted October 25, 2009 Share Posted October 25, 2009 If that code is in the app your using, stop using it. It checks if the now deprecated get_magic_quotes_gpc is enabled and if not, does what it would do if it where (adds slashes to all data within your $_POST and $_GET arrays). Quote Link to comment https://forums.phpfreaks.com/topic/178914-config-codes/#findComment-943904 Share on other sites More sharing options...
karthikanov24 Posted October 25, 2009 Author Share Posted October 25, 2009 hi what is the use of addslahes here... thanks karthikanov24 Quote Link to comment https://forums.phpfreaks.com/topic/178914-config-codes/#findComment-943919 Share on other sites More sharing options...
trq Posted October 25, 2009 Share Posted October 25, 2009 addslashes used to be helpful when passing data to a database query as it would help escape quotes properly. However, get_magic_quotes_gpc and the code above adds slashes to all input, regardless of whether or not its going to be used within a database query. This is never a good approach. Besides, there are much better ways of cleaning data these days. mysql_real_escape_string for one. Quote Link to comment https://forums.phpfreaks.com/topic/178914-config-codes/#findComment-943922 Share on other sites More sharing options...
karthikanov24 Posted October 25, 2009 Author Share Posted October 25, 2009 hi foreach() works only for array... Here whether $_POST is array?...if so where is it initialised as array.....? thanks karthikanov24 Quote Link to comment https://forums.phpfreaks.com/topic/178914-config-codes/#findComment-943936 Share on other sites More sharing options...
trq Posted October 25, 2009 Share Posted October 25, 2009 $_POST is a built in array holding any data sent via http's post method. Quote Link to comment https://forums.phpfreaks.com/topic/178914-config-codes/#findComment-943939 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.