How to remove magic quotes if php.ini/.htaccess ar

2019-08-06 02:49发布

问题:

For some reason, all my quotes are being escaped and displayed as \". Previously, it was okay. Then I looked at phpinfo() and saw that my magic_quotes_gpc is turned on. However, I cannot find the directory /usr/local/lib/ where php.ini file is and I cannot edit my .htaccess file (gets 500 Internal Server Error).

I tried putting this instead on top of my scripts file (which is included in all pages):

if (get_magic_quotes_gpc()) {
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    while (list($key, $val) = each($process)) {
        foreach ($val as $k => $v) {
            unset($process[$key][$k]);
            if (is_array($v)) {
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            } else {
                $process[$key][stripslashes($k)] = stripslashes($v);
            }
        }
    }
    unset($process);
}

But still, the " and ' on my pages still have the backslashes in them.

What am I doing wrong?

回答1:

Give this code a try, it's worked for me in the past.

<?php
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $quotes_sybase = strtolower(ini_get('magic_quotes_sybase'));
        $unescape_function = (empty($quotes_sybase) || $quotes_sybase === 'off') ? 'stripslashes($value)' : 'str_replace("\'\'","\'",$value)';
    $stripslashes_deep = create_function('&$value, $fn', '
        if (is_string($value)) {
            $value = ' . $unescape_function . ';
        } else if (is_array($value)) {
            foreach ($value as &$v) $fn($v, $fn);
        }
    ');

    // Unescape data
    $stripslashes_deep($_POST, $stripslashes_deep);
    $stripslashes_deep($_GET, $stripslashes_deep);
    $stripslashes_deep($_COOKIE, $stripslashes_deep);
    $stripslashes_deep($_REQUEST, $stripslashes_deep);
}


回答2:

Which PHP-version do you use?

If you use a version larger than 5.2, than you can use filter_input() or filter_input_array(). It seems that it ignores the setting of the magic_quotes_gpc-directive and uses the raw data (the default filter is FILTER_UNSAFE_RAW)