SoftDux Technical Blog

PHP 5.3 and PHP6 will discontinue the use of magic_quotes for security reasons, and this means that your website may, or already have, break if you still rely on magic_quotes_gpc.

Below is some code that will give you the same functionality as magic_quotes_gpc:

< ?php

function clear_magic_quotes()
{
if (get_magic_quotes_gpc()) {
/*
All these global variables are slash-encoded by default,
because magic_quotes_gpc is set by default!
(And magic_quotes_gpc affects more than just $_GET, $_POST, and $_COOKIE)
*/
$_SERVER = stripslashes_array($_SERVER);
$_GET = stripslashes_array($_GET);
$_POST = stripslashes_array($_POST);
$_COOKIE = stripslashes_array($_COOKIE);
$_FILES = stripslashes_array($_FILES);
$_ENV = stripslashes_array($_ENV);
$_REQUEST = stripslashes_array($_REQUEST);
$HTTP_SERVER_VARS = stripslashes_array($HTTP_SERVER_VARS);
$HTTP_GET_VARS = stripslashes_array($HTTP_GET_VARS);
$HTTP_POST_VARS = stripslashes_array($HTTP_POST_VARS);
$HTTP_COOKIE_VARS = stripslashes_array($HTTP_COOKIE_VARS);
$HTTP_POST_FILES = stripslashes_array($HTTP_POST_FILES);
$HTTP_ENV_VARS = stripslashes_array($HTTP_ENV_VARS);
if (isset($_SESSION)) #These are unconfirmed (?)
{
$_SESSION = stripslashes_array($_SESSION, '');
$HTTP_SESSION_VARS = stripslashes_array($HTTP_SESSION_VARS, '');
}
/*
The $GLOBALS array is also slash-encoded, but when all the above are
changed, $GLOBALS is updated to reflect those changes. (Therefore
$GLOBALS should never be modified directly). $GLOBALS also contains
infinite recursion, so it's dangerous...
*/
}
}

function stripslashes_array($data)
{
if (is_array($data))
{
foreach ($data as $key => $value)
{
$data[$key] = stripslashes_array($value);
}
return $data;
}
else
{
return stripslashes($data);
}
}

clear_magic_quotes(); // disable magic quotes
?>