7

As you know when Magic Quotes are ON, single quotes are escaped in values and also in keys. Most solutions to remove Magic Quotes at runtime only unescape values, not keys. I'm seeking a solution that will unescape keys and values...

I found out on PHP.net this piece of code:

$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
while (list($key, $val) = each($process))
{
    foreach ($val as $k => $v)
    {
        unset($process[$key][$k]);
        if (is_array($v))
        {
            $process[$key][stripslashes($k)] = $v;
            $process[] = &$process[$key][stripslashes($k)];
        }
        else
        {
            $process[$key][stripslashes($k)] = stripslashes($v);
        }
    }
}
unset($process);

But I don't like "&" references and arrays as I got bugs like this one in the past...

Is there a "better" way to unescape Magic Quotes (keys and values) at runtime than the one above?

Bryan M.
  • 17,142
  • 8
  • 46
  • 60
AlexV
  • 22,658
  • 18
  • 85
  • 122
  • Take a look at the related question on the right side. – Gumbo Jan 25 '10 at 15:24
  • Yeah I did (and even did a Web + SO search before asking question) but I haven't found any solution that work 100% and that don't use "&" references. – AlexV Jan 25 '10 at 15:56

2 Answers2

8

I think this is a little cleaner and avoids reference bugs:

function unMagicQuotify($ar) {
  $fixed = array();
  foreach ($ar as $key=>$val) {
    if (is_array($val)) {
      $fixed[stripslashes($key)] = unMagicQuotify($val);
    } else {
      $fixed[stripslashes($key)] = stripslashes($val);
    }
  }
  return $fixed;
}

$process = array($_GET,$_POST,$_COOKIE,$_REQUEST);
$fixed = array();
foreach ($process as $index=>$glob) {
  $fixed[$index] = unMagicQuotify($glob);
}
list($_GET,$_POST,$_COOKIE,$_REQUEST) = $fixed;
Lucas Oman
  • 15,597
  • 2
  • 44
  • 45
-1
array_walk_recursive($_POST, 'stripslashes');

Do the same for GET and COOKIE.

Crozin
  • 43,890
  • 13
  • 88
  • 135