php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #30754 Add a function like smart_addslashes()?
Submitted: 2004-11-10 22:19 UTC Modified: 2004-11-12 08:48 UTC
From: webjedi at hudzilla dot eclipse dot co dot uk Assigned:
Status: Wont fix Package: Feature/Change Request
PHP Version: Irrelevant OS: Fedora Core 3
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: webjedi at hudzilla dot eclipse dot co dot uk
New email:
PHP Version: OS:

 

 [2004-11-10 22:19 UTC] webjedi at hudzilla dot eclipse dot co dot uk
Description:
------------
Would it be possible to write a function, named something like smart_addslashes(), that only adds slashes to a string if magic_quotes_gpc is disabled?

Yes, this is only three lines of userland code:

  if (!get_magic_quotes_gpc()) {
    $input_string = addslashes($input_string);
  }

But adding slashes to strings is a common task, and checking whether the string has already been auto-slashed is crucial for portability reasons - trimming three lines down to one would help ease the job a little.

Thanks!


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-11-11 07:06 UTC] tony2001@php.net
Here it is:
<?
function smart_addslashes($str) {
  if (!get_magic_quotes_gpc()) {
    return addslashes($str);
  }
  return $str;
} 
?>
Is that what you want?
 [2004-11-11 12:12 UTC] webjedi at hudzilla dot eclipse dot co dot uk
Yeah, that's pretty much it, except putting it in PHP 
means that I'd need to include that function in every 
script (or link it in with file prepending) and 
distribute it, and also other people would need to use 
it if they want the same functionality.

I put together a simple test by copying the addslashes 
function and simply adding an if 
(PG(magic_quotes_runtime)) around it (not the ideal 
solution, I know) and it seems to be a little more than 
twice as fast to put the code into PHP.

So, it's faster, easier to use, and more portable, plus 
a proper implementation would just check the magic 
quotes setting then do a function passthrough, and so 
wouldn't add much to the code.

What do you think?
 [2004-11-11 13:15 UTC] tony2001@php.net
I consider it senseless to add a function, that could be implemented in 4 lines of PHP code.
 [2004-11-12 08:48 UTC] derick@php.net
I concur, this is something that belongs in your application and not in PHP. Marking as "Wont fix".
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Dec 27 12:01:29 2024 UTC