Jump to content

Some doubt and error in a script

riddhi

By riddhi
in PHP Coding Help

Recommended Posts

riddhi Member

riddhi

Posted
Posted

what does these lines in the script does?

 

$thisFile = str_replace('\\', '/', __FILE__);
$docRoot = $_SERVER['DOCUMENT_ROOT'];

$webRoot  = str_replace(array($docRoot, 'library/config.php'), '', $thisFile);
$srvRoot  = str_replace('library/config.php', '', $thisFile);

 

<?php
if (!get_magic_quotes_gpc()) {
if (isset($_POST)) {
	foreach ($_POST as $key => $value) {
	   $_POST[$key] = trim(addslashes($value));
	}
}

if (isset($_GET)) {
	foreach ($_GET as $key => $value) {
		$_GET[$key] = trim(addslashes($value));
	}
}	
}

?>

 

what is the use of "get_magic_quotes_gpc()" ?

 

and what is the change required for the following error in this line :-

 

$_POST[$key] = trim(addslashes($value));

 

The error is as follows:-

 

Notice: Array to string conversion in f:\program files\easyphp1-8\www\plaincart\library\config.php on line 51

 

Notice: Array to string conversion in f:\program files\easyphp1-8\www\plaincart\library\config.php on line 51

 

Notice: Array to string conversion in f:\program files\easyphp1-8\www\plaincart\library\config.php on line 51

Unknown column 'A' in 'where clause'

 

Link to comment
https://forums.phpfreaks.com/topic/47201-some-doubt-and-error-in-a-script/
Share on other sites
Lumio Member

Lumio

Posted
Posted

get_magic_quotes_gpc() tells you if variables get escaped.

For instance:

When you write into a textarea and magic_quotes is turned on, and your text is like

Hello world! My name is "riddhi"

It gets 

Hello world! My name is \"riddhi\"

 

So the best is to strip slashes and add them for mysql and so on... so I use it like that:

<?php
if (!isset($_GET)) $_GET =& $GLOBALS['HTTP_GET_VARS'];
if (!isset($_POST)) $_POST =& $GLOBALS['HTTP_POST_VARS'];
if (!isset($_COOKIE)) $_COOKIE =& $GLOBALS['HTTP_COOKIE_VARS'];
if (!isset($_SERVER)) $_SERVER =& $GLOBALS['HTTP_SERVER_VARS'];

!function_exists('mysql_connect') && die('MySQL doesn\'t run on this server');

foreach ($_REQUEST as $index => $val)
	if(isset($$index)) unset($$index);
  
if (get_magic_quotes_gpc()) {
	$_POST = array_map('stripslashesinarray', $_POST);
	$_GET = array_map('stripslashesinarray', $_GET);
	$_COOKIE = array_map('stripslashesinarray', $_COOKIE);
	$_REQUEST = array_map('stripslashesinarray', $_REQUEST);
}

function stripslashesinarray($value) {
	return (is_array($value) ? array_map('stripslashesinarray', $value):stripslashes($value));
}
?>[code]

[/code]

Lumio Member

Lumio

Posted
Posted

for sure ;)

if (!isset($_GET)) $_GET =& $GLOBALS['HTTP_GET_VARS'];
if (!isset($_POST)) $_POST =& $GLOBALS['HTTP_POST_VARS'];
if (!isset($_COOKIE)) $_COOKIE =& $GLOBALS['HTTP_COOKIE_VARS'];
if (!isset($_SERVER)) $_SERVER =& $GLOBALS['HTTP_SERVER_VARS'];

For older PHP-Versions there are no global variables like $_GET, $_POST and so on. So if that variables are not set, it makes an alias to the $GLOBALS-variable where the get- and post- and all those values get save.

So = copies the whole content of an variable. For example:

$a = 'foo';
$b = $a;
$a = 'bar';
echo $a;
echo ' - ';
echo $b;

$b gets the same value as $a and when you change $a, $b don't changes.

But when I use

$a = 'foo';
$b =& $a;
$a = 'bar';
echo $a;
echo ' - ';
echo $b;

So... the different here is the &. When you say echo $b; it would be the same as echo $a;. So when you change $a, the value $b gets also changed.

 

!function_exists('mysql_connect') && die('MySQL doesn\'t run on this server');

I don't know, if you're using MySQL, but if you use it, you need mysql_connect(). If that function does not exist, the extension for mysql is not installed.

 

foreach ($_REQUEST as $index => $val)
if(isset($$index)) unset($$index);

There is an option in the php.ini called register_globals that makes every php-script unsecure. Because when that option is set to true or on myscript.php?foo=bar gets automatically defined in the script.

So that lines look up every variable and make it undefined.

 

if (get_magic_quotes_gpc()) {
$_POST = array_map('stripslashesinarray', $_POST);
$_GET = array_map('stripslashesinarray', $_GET);
$_COOKIE = array_map('stripslashesinarray', $_COOKIE);
$_REQUEST = array_map('stripslashesinarray', $_REQUEST);
}

I think you know what get_magic_quotes_gpc() is.

So array_map calls a function for every item of an array. That function can manipulate that item and gives it back.

 

function stripslashesinarray($value) {
return (is_array($value) ? array_map('stripslashesinarray', $value):stripslashes($value));
}

I call that function to strip all escapes. So when there is a $_POST-variable like

Hello \"world\"

it gets 

Hello world

 

Any questions? ;)

So far... greetings and learning php is cool :D

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.