PHP
downloads | documentation | faq | getting help | mailing lists | reporting bugs | php.net sites | links | conferences | my php.net

search for in the

Masquer PHP> <Guillemets magiques
Last updated: Fri, 22 Aug 2008

view this page in

Désactiver les guillemets magiques

La directive magic_quotes_gpc ne peut être désactivée qu'au niveau du système, et non pas à l'exécution. En d'autres termes, utiliser ini_set() n'est pas possible.

Exemple #1 Désactiver les guillemets magiques du coté du serveur

Voici un exemple qui donne la valeur de Off à ces directives dans le fichier php.ini. Pour plus de détails, voyez la section Comment changer la configuration. 

; Magic quotes
;

; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off

; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off

Si vous n'avez pas accès au serveur, utilisez le fichier .htaccess. Par exemple : 

php_flag magic_quotes_gpc Off

Afin d'écrire du code portable sur tous les environnement, et où vous ne pourrez pas forcément modifier la configuration du serveur, voici un exemple de désactivation de magic_quotes_gpc à l'exécution. Cette méthode est inefficace, et il est recommandé d'utiliser les autres solutions si possible.

Exemple #2 Désactivation des guillemets magiques à l'exécution

<?php
if (get_magic_quotes_gpc()) {
    function stripslashes_deep($value)
    {
        $value is_array($value) ?
                    array_map('stripslashes_deep'$value) :
                    stripslashes($value);

        return $value;
    }

    $_POST array_map('stripslashes_deep'$_POST);
    $_GET array_map('stripslashes_deep'$_GET);
    $_COOKIE array_map('stripslashes_deep'$_COOKIE);
    $_REQUEST array_map('stripslashes_deep'$_REQUEST);
}
?>



Masquer PHP> <Guillemets magiques
Last updated: Fri, 22 Aug 2008
 
add a note add a note User Contributed Notes
Désactiver les guillemets magiques
stuart at horuskol dot co dot uk
25-Apr-2008 09:26
I have discovered that my host doesn't like either of the following directives in the .htaccess file:

php_flag magic_quotes_gpc Off
php_value magic_quotes_gpc Off

However, there is another way to disable this setting even if you don't have access to the server configuration - you can put a php.ini file in the directory where your scripts are with the directive:

magic_quotes_gpc = Off

However, these does not propogate unlike  .htaccess rules, so if you launch from a sub-directory, you need the php.ini file in each directory you have as script entry points.
17-Dec-2006 08:20
PHP's magic quotes function has the strange behavior of not adding slashes to top level keys in GPC key/value pairs but adding the slashes in deeper level keys. To demonstrate, a URI of:

example.php?a'b[c'd]=e'f
produces:
array("a'b" => array("c\'d" => "e\'f"))

The current example for removing magic quotes does not do anything to keys, so after running stripslashes_deep, you would end up with:
array("a'b" => array("c\'d" => "e'f"))

Which, needless to say, is wrong. As if you had magic quotes off, it would have been:
array("a'b" => array("c'd" => "e'f"))

I have written a snippet of code compatible with PHP 4.0.0 and above that handles this correctly:

if (get_magic_quotes_gpc()) {
    function undoMagicQuotes($array, $topLevel=true) {
        $newArray = array();
        foreach($array as $key => $value) {
            if (!$topLevel) {
                $key = stripslashes($key);
            }
            if (is_array($value)) {
                $newArray[$key] = undoMagicQuotes($value, false);
            }
            else {
                $newArray[$key] = stripslashes($value);
            }
        }
        return $newArray;
    }
    $_GET = undoMagicQuotes($_GET);
    $_POST = undoMagicQuotes($_POST);
    $_COOKIE = undoMagicQuotes($_COOKIE);
    $_REQUEST = undoMagicQuotes($_REQUEST);
}
sunrunner20
25-Nov-2006 03:10
If php_flag magic_quotes_gpc off does not work
Use php_value magic_quotes_gpc off
insteadin your .htaccess file
rdk
08-Sep-2006 07:44
The function parse_str() (http://us3.php.net/manual/en/function.parse-str.php) is also affected by magic_quotes_gpc, so if that function is called anywhere, stripslashes_deep won't be sufficient by itself.
dedlfix
20-Aug-2006 01:18
The function stripslashes_deep() ignores slashes in the keys

For example a query string like this: ?foo'bar=baz'bal

Output of var_dump($_GET) is:

array(1) {
  ["foo\'bar"]=>
  string(8) "baz\'bal"
}

after stripslashes_deep():

array(1) {
  ["foo\'bar"]=>
  string(7) "baz'bal"
}

If you want the keys to be stripslashed too, you have to unset() the addslahed key and to add a stripslashed version. But keep in mind that this will change the order of the array.
add a note add a note

Masquer PHP> <Guillemets magiques
Last updated: Fri, 22 Aug 2008
 
 
show source | credits | sitemap | contact | advertising | mirror sites