Hacker News new | comments | show | ask | jobs | submit login
Platform specific PHP bug (jerrywong.net)
21 points by damasking on July 16, 2008 | hide | past | web | favorite | 7 comments



How the hell does this get upvoted to the #2 spot on hacker news?

This is both dumb and not news. Ranting on magic_quotes_gpc has been done to death already.

Now for some code:

    if (get_magic_quotes_gpc()) {
        array_stripslashes($_GET);
        array_stripslashes($_POST);
        array_stripslashes($_REQUEST);
        array_stripslashes($_COOKIE);
    }

    function array_stripslashes(array &$array)
    {
        foreach ($array as $key => &$value) {
            if (is_string($value)) $value = stripslashes($value);
            elseif (is_array($value)) array_stripslashes($value);
        }
    }


"Platform specific bug" is only mentioned in the HN post title: it isn't the article's title, nor does he mention a "platform specific bug" in the article. Magic quotes is a side issue: his expected output has no quotes in it in the first place! "Where are his random quotes coming from?" was his question, not "Where are these random slashes coming from?" - he answered that question by himself.

But yea, $_COOKIE is the way to go.


I hate PHP as much as anyone, but I have a feeling this is programmer error. Of course, PHP makes programmer error really easy, but...


magic_quotes_gpc should almost never be turned on. a lot of linux distro has it off by default. it's the programmer's job to escape the db inputs. this blog article is too contentless to make it to #2.


He shouldn't be using not sanitize and not parse_str. He should be using $_COOKIE[]


Magic quotes.. sigh

I think this feature is going to be removed in PHP6.


I hope so. Magic quotes are evil.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: