

Platform specific PHP bug - damasking
http://blog.jerrywong.net/2008/07/back-from-dead.html

======
wvenable
How the hell does this get upvoted to the #2 spot on hacker news?

This is both dumb and not news. Ranting on magic_quotes_gpc has been done to
death already.

Now for some code:

    
    
        if (get_magic_quotes_gpc()) {
            array_stripslashes($_GET);
            array_stripslashes($_POST);
            array_stripslashes($_REQUEST);
            array_stripslashes($_COOKIE);
        }
    
        function array_stripslashes(array &$array)
        {
            foreach ($array as $key => &$value) {
                if (is_string($value)) $value = stripslashes($value);
                elseif (is_array($value)) array_stripslashes($value);
            }
        }

------
DougBTX
"Platform specific bug" is only mentioned in the HN post title: it isn't the
article's title, nor does he mention a "platform specific bug" in the article.
Magic quotes is a side issue: his expected output has no quotes in it in the
first place! "Where are his random quotes coming from?" was his question, not
"Where are these random slashes coming from?" - he answered that question by
himself.

But yea, $_COOKIE is the way to go.

------
jrockway
I hate PHP as much as anyone, but I have a feeling this is programmer error.
Of course, PHP makes programmer error really easy, but...

------
henryw
magic_quotes_gpc should almost never be turned on. a lot of linux distro has
it off by default. it's the programmer's job to escape the db inputs. this
blog article is too contentless to make it to #2.

------
ars
He shouldn't be using not sanitize and not parse_str. He should be using
$_COOKIE[]

------
dhotson
Magic quotes.. _sigh_

I think this feature is going to be removed in PHP6.

~~~
tlrobinson
I hope so. Magic quotes are evil.

