Member Avatar for cwarn23

Hi, in this news you will see how in the past few years there has been some controversy over a bug or more commonly known as a feature which appears it may be removed as of php 5.4.0. According to the features list of php 5.4.0 beta there is the following quote.

- Removed features:
. Removed magic_quotes_gpc, magic_quotes_runtime and magic_quotes_sybase
ini options. get_magic_quotes_gpc, get_magic_quotes_runtime are kept
but always return false, set_magic_quotes_runtime raises an
E_CORE_ERROR. (Pierrick, Pierre)

Now some users will have a good idea what this is but most won’t have a clue as most don’t dig into the closed in corners of php. For non php experts magic quotes is used for $_POST to add a backslash to each quote whenever a form is posted with method=post. But this only applies within a certain range of php versions and can be disable in the php.ini making a task to check if the backslashes exists of not. Fortunately two functions had existed until php 5.4.0 and they are in the following code.

<?php
class httppost {
    public $value;
    function stripslashes($value) {
        $value = is_array($value) ? array_map(array($this,'stripslashes'), $value) : stripslashes($value);
        return $value;
        }
    function __construct($in) {
    if(get_magic_quotes_gpc()) {
        //magic quotes enabled
        $this->value=$this->stripslashes($in);
        } else {
        $this->value=$in;
        }
    }
}

////////////////////////////////////////////////////
if (isset($_POST)) {
$post=new httppost($_POST);
echo htmlentities($post->value[‘item_name’]);
}
?>

However as of php 5.4.0 all you need to do is the below to get the same result as of php 5.4.0.

<?php
if (isset($_POST)) {
echo htmlentities($_POST[‘item_name’]);
}
?>

The reason? Magic quotes is dead and permanently disabled no matter the server installed on as of php 5.4.0. However, as detailed as this proof may be, many users today still deny that such a bug/feature exists on <5.4.0. One possible reason is that they use an optimized php.ini file or a php.ini file that is not the standard php.ini file from php.net or perhaps there php version is simply out of date. So perhaps in the next 2 years we will see much simpler and more accurate form submission code when the web hosting giants upgrade their php software.

  • 3 Contributors
  • 2 Replies
  • 747 Views
  • 17 Hours Discussion Span
  • Latest Post Latest Post by diafol

Recommended Answers

All 2 Replies

Member Avatar for diafol

Great news for developing your own code. :) Still same old same old for writing third party code - its like having to support IE6!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.