1

I'm trying to use the stripslashes_deep function in the PHP documentation as a method, but when I pass it an array, it doesn't work. It does, however, work with a string. Can anyone point out why it might not be working? Magic quotes are on because I'm testing for that possibility, but like I said, it works for a string and I'm also not testing $_POST, or $_GET data. Here's the code:

protected function stripslashes_deep($input){
    return is_array($input) ? array_map($this->stripslashes_deep, $input) : stripslashes($input);
}

The string 'O\'Reilly' is converted to 'O'Reilly', but the array below remains unchanged:

Array ( [0] => Array ( [userId] => 23 [0] => 23 [username] => O\'Reilly [1] => O\'Reilly [userFirstName] => Bill [2] => Bill [userLastName] => O\'Reilly [3] => O\'Reilly ) )

Any help would be greatly appreciated.

Edit:

The array is coming from the database and has slashes because it was inserted with bound parameters by the PDO object. I extended PDO and I'm trying to strip the slashes automatically when I fetch the array so I don't have to call stripslashes every single time I output data. If anyone knows of a better way to do that, I'm definitely open to suggestions. I didn't see any sort of unquote method for PDO.

VirtuosiMedia
  • 52,016
  • 21
  • 93
  • 140
  • Why are there backslashes in an array that seems to come from the mysql_fetch_array() function anyway? – Gumbo Feb 12 '09 at 11:22
  • Well then it seems that both you and PDO are adding slashes when inserting the data. Otherwise the slashes wouldn’t be there. But you don’t need to do that whan using PDO. Additionally you should check for Magic Quotes and disable them. – Gumbo Feb 12 '09 at 11:35
  • Magic Quotes is adding the slashes on entry...that might be the problem. – VirtuosiMedia Feb 12 '09 at 11:42
  • Then disable them and let just PDO do its work. That should fix the problem and you won’t need the stripslashes_deep() function. – Gumbo Feb 12 '09 at 11:45
  • I got it solved now, thanks. I'm checking it on entry rather than on output. – VirtuosiMedia Feb 12 '09 at 12:12

1 Answers1

8
array_map($this->stripslashes_deep, $input) : stripslashes($input);

Should be:

array_map(array($this, 'stripslashes_deep'), $input) : stripslashes($input);

If your intend is to undo magic-quotes, you shouldn't implement it recursively btw., since it has some performance and security issues. See: http://talks.php.net/show/php-best-practices/26

troelskn
  • 115,121
  • 27
  • 131
  • 155