Monthly Archives: October 2009
Alternative to magic_quotes in PHP 5.3 and PHP6
PHP 5.3 and PHP6 will discontinue the use of magic_quotes for security reasons, and this means that your website may, or already have, break if you still rely on magic_quotes_gpc.
Below is some code that will give you the same functionality as magic_quotes_gpc:
< ?php
function clear_magic_quotes()
{
if (get_magic_quotes_gpc()) {
/*
All these global variables are slash-encoded by default,
because magic_quotes_gpc is set by default!
(And magic_quotes_gpc affects more than just $_GET, $_POST, and $_COOKIE)
*/
$_SERVER = stripslashes_array($_SERVER);
$_GET = stripslashes_array($_GET);
$_POST = stripslashes_array($_POST);
$_COOKIE = stripslashes_array($_COOKIE);
$_FILES = stripslashes_array($_FILES);
$_ENV = stripslashes_array($_ENV);
$_REQUEST = stripslashes_array($_REQUEST);
$HTTP_SERVER_VARS = stripslashes_array($HTTP_SERVER_VARS);
$HTTP_GET_VARS = stripslashes_array($HTTP_GET_VARS);
$HTTP_POST_VARS = stripslashes_array($HTTP_POST_VARS);
$HTTP_COOKIE_VARS = stripslashes_array($HTTP_COOKIE_VARS);
$HTTP_POST_FILES = stripslashes_array($HTTP_POST_FILES);
$HTTP_ENV_VARS = stripslashes_array($HTTP_ENV_VARS);
if (isset($_SESSION)) #These are unconfirmed (?)
{
$_SESSION = stripslashes_array($_SESSION, '');
$HTTP_SESSION_VARS = stripslashes_array($HTTP_SESSION_VARS, '');
}
/*
The $GLOBALS array is also slash-encoded, but when all the above are
changed, $GLOBALS is updated to reflect those changes. (Therefore
$GLOBALS should never be modified directly). $GLOBALS also contains
infinite recursion, so it's dangerous...
*/
}
}function stripslashes_array($data)
{
if (is_array($data))
{
foreach ($data as $key => $value)
{
$data[$key] = stripslashes_array($value);
}
return $data;
}
else
{
return stripslashes($data);
}
}clear_magic_quotes(); // disable magic quotes
?>
“ereg” & “eregi” has been deprecated in PHP 5.3 and PHP 6.x
I was working on a new PHP script when I needed to remove some characters from a random string. Generall I would use ereg, or even eregi (if the string has both upper and lower case. But since the string had some non-alphabetical characters, I had to check on the syntac in the PHP manual to see how to remove them.
But then I noticed that both ereg & eregi has been DEPRECATED, or REMOVED from PHP 5.3 & PHP 6.x
Warning
This function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged.
Now I can’t finish the project until I find a good substitute…….

