How to remove magic quotes if php.ini/.htaccess are not editable?

 

For some reason, all my quotes are being escaped and displayed as ". Previously, it was okay. Then I looked at phpinfo() and saw that my magic_quotes_gpc is turned on. However, I cannot find the directory /usr/local/lib/ where php.ini file is and I cannot edit my .htaccess file (gets 500 Internal Server Error).

I tried putting this instead on top of my scripts file (which is included in all pages): 

if (get_magic_quotes_gpc()) {
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    while (list($key, $val) = each($process)) {
        foreach ($val as $k => $v) {
            unset($process[$key][$k]);
            if (is_array($v)) {
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            } else {
                $process[$key][stripslashes($k)] = stripslashes($v);
            }
        }
    }
    unset($process);
}

But still, the " and ' on my pages still have the backslashes in them.

What am I doing wrong?

试一试这个代码,它在过去对我有用。 

<?php
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $quotes_sybase = strtolower(ini_get('magic_quotes_sybase'));
        $unescape_function = (empty($quotes_sybase) || $quotes_sybase === 'off') ? 'stripslashes($value)' : 'str_replace("''","'",$value)';
    $stripslashes_deep = create_function('&$value, $fn', '
        if (is_string($value)) {
            $value = ' . $unescape_function . ';
        } else if (is_array($value)) {
            foreach ($value as &$v) $fn($v, $fn);
        }
    ');

    // Unescape data
    $stripslashes_deep($_POST, $stripslashes_deep);
    $stripslashes_deep($_GET, $stripslashes_deep);
    $stripslashes_deep($_COOKIE, $stripslashes_deep);
    $stripslashes_deep($_REQUEST, $stripslashes_deep);
}

Which PHP-version do you use?

If you use a version larger than 5.2 , than you can use filter_input() or filter_input_array() . It seems that it ignores the setting of the magic_quotes_gpc -directive and uses the raw data (the default filter is FILTER_UNSAFE_RAW )

链接地址: http://www.djcxy.com/p/26552.html

上一篇: 禁用魔术引号

下一篇: 如果php.ini / .htaccess不可编辑,如何删除魔术引号?