AvoidMagicQuotes

project

Forums Released Files

project summary freshmeat entry development infos mailing list WebInstaller database tools ChangeLog

page plugins

ProtectedEmail PowerSearch README README.config README.plugins README.fragments ProtectedMode INTERNALS WordIndex AboutPlugins PhpInfo OrphanedPages ListOfPluginHooks RSS RecentChanges PageIndex NewestPages SearchPages MostVisitedPages MostOftenChangedPages UpdatedPages

usage hint

9OTUNE YOGURT SÜREER AYRAN OLANA KADAR SİKERİMxD

bottom corner

history of 'AvoidMagicQuotes'

version 6	localhost.localdomain 127.0.0.1:36214	Wed Aug 5 16:10:21 2009
(previous content completely removed) + `[MarioSalzer "milky"]:` + `The 'magic_quotes' in my opinion is the most stupid thing the Zend people` + `added to PHP. Because it is a config setting, it is set differently on many` + `servers, thus making it hard to get a PHP script run equal on many systems.` + `The magic_quotes add backslashes to GET, POST and COOKIE variables to give` + `novices a chance to write 'safe' PHP database usage code without having to` + `learn programming...(!)` + `%%%` + `Yes, I'd really like to say the magic_quotes are for stupids.` + `Even if the magic_quotes are now off by default in recent PHP versions,` + `they still are a problem, because many providers still have poorly written` + `code (not managing to use addslashes() or similar before writing to database)` + `and thus enforce people also to live with the antiquatic_quotes (there is` + `the .htaccess workaround, ok, but it is not safe or always possible to use` + `it).` + `This problem for example lead to constructs like "eventually_add_slashes()"` + `functions in many projects (PhpNuke has such one for example). This slows` + `down everything and makes code unreadable - in ewiki such an` + `eventually_add_slashes() function had to be deployed around 100 times to` + `work around the antique_quotes 'feature'. So my approach was the` + `"fragments/strip_wonderful_slashes.php" include, which redecodes any` + `garbaged $_REQUEST variable.` + `%%%` + `This is a good thing, because ewiki's database code cares about adding` + `backslashes before sending commands to the database - and in fact PHP's` + `magic_quotes sense of adding quotes wasn't even capable of doing it` + `correctly, because different databases (ADODB) use different escape chars!` + `For an bad example of problems with magic_quotes just see the` + `sourceforge.net site - their software is also not aware enough of their own` + `PHP interpreter having the trouble_quotes enabled, so you\\\\\'ll often see` + `backslashes appear before quotes, often you\\\\\\\\\\'ll see a long line of` + `\\\\\\\\\\\\\\\\\\\\\ backslashes, where you wouldn\\\\\\\\\\\'t expect` + `(they also have problems with \newlines, but that\\\'s another story ;)`

version 5	home page (localhost.localdomain 127.0.0.1:39211)	Mon Aug 3 07:06:34 2009
(overwritten with previous[?] content) - `dycz flvrqnyh cqpoxbey jsmrbfivd abesvhjiy yfjo cyngpa`

version 4	vxidefau kmdtw (89-96-211-199.ip14.fastwebnet.it 89.96.211.199:59794)	Sun Apr 1 17:25:07 2007
(previous content completely removed) + `dycz flvrqnyh cqpoxbey jsmrbfivd abesvhjiy yfjo cyngpa`

version 3	c-66-30-241-206.hsd1.ma.comcast.net 66.30.241.206:1254	Sat Oct 22 12:11:39 2005

version 2	px1cv.gv.shawcable.net 24.64.223.203:43346	Sun Sep 4 22:28:42 2005

bottom corner