DZone Snippets is a public source code repository. Easily build up your personal collection of code snippets, categorize them with tags / keywords, and share them with the world

Snippets has posted 5883 posts at DZone. View Full User Profile

Strip Slashes From User Input (if Applicable)

05.25.2005
| 9901 views |
  • submit to reddit
        This code checks if magic quotes are enabled, and if so, strips slashes from GET, POST and COOKIE arrays. It's fully recursive, and thus supports POST arrays.

<?php

// If magic quotes are enabled, strip slashes from all user data
function stripslashes_recursive($var) {
	return (is_array($var) ? array_map('stripslashes_recursive', $var) : stripslashes($var));
}

if (get_magic_quotes_gpc()) {
	$_GET = stripslashes_recursive($_GET);
	$_POST = stripslashes_recursive($_POST);
	$_COOKIE = stripslashes_recursive($_COOKIE);
}

?>
    

Comments

Snippets Manager replied on Wed, 2008/08/20 - 6:32pm

OK so I lost the password to my "xolox" account here and I can't seem to find a way to reset my old account. The point is I recently learned that the above recursive function can be used to bring your server down! For an explanation see http://talks.php.net/show/php-best-practices/26 but in short, replace the above with the following: <?php if (get_magic_quotes_gpc()) { $in = array(&$_GET, &$_POST, &$_COOKIE); while (list($k,$v) = each($in)) { foreach ($v as $key => $val) { if (!is_array($val)) { $in[$k][$key] = stripslashes($val); continue; } $in[] =& $in[$k][$key]; } } unset($in); } ?>

Snippets Manager replied on Mon, 2012/05/07 - 2:12pm

Eh... Yeah! Right! Of course (thanks :)

Snippets Manager replied on Mon, 2012/05/07 - 2:12pm

you do realize that since it's recursive, you can just do this: if (get_magic_quotes_gpc()) { $_GET = stripslashes_recursive($_GET); $_POST = stripslashes_recursive($_POST); $_COOKIE = stripslashes_recursive($_COOKIE); }