Tag Archives: magic_quotes_gpc

Escape from Magic Quotes for Non-Frameworks Programmers

Here is a quick thing to help you fetch clean data from GET POST COOKIE and REQUEST input variables. Of course, you need to rely on something like mysql_real_escape_string before writing this into a database. But a common function like this for the entire Web App will keep the data safe from slashes and helps you code without bothering whether magic_quotes_gpc is ON or OFF.


/**
* Use this function to safely retreive data from GET POST COOKIE and REQUEST super globals
*
* @param String $_key Name of the POST element to be retrieved
* @return String Clean value without any slashes even if magic_quotes_gpc is enabled.
*/
function getFromGpc($_key, $_source='p')
{
$_source = strtolower($_source);

if( $_source == 'p' ):
if( get_magic_quotes_gpc() ) {
return stripslashes($_POST[$_key]);
} else {
return ($_POST[$_key]);
}
elseif( $_source == 'g' ):
if( get_magic_quotes_gpc() ) {
return stripslashes($_GET[$_key]);
} else {
return ($_GET[$_key]);
}
elseif( $_source == 'c' ):
if( get_magic_quotes_gpc() ) {
return stripslashes($_COOKIE[$_key]);
} else {
return ($_COOKIE[$_key]);
}
elseif( $_source == 'r' ):
if( get_magic_quotes_gpc() ) {
return stripslashes($_REQUEST[$_key]);
} else {
return ($_REQUEST[$_key]);
}
else:
if( get_magic_quotes_gpc() ) {
return stripslashes($_REQUEST[$_key]);
} else {
return ($_REQUEST[$_key]);
}
endif;
}