Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

› WebAssist Forums › General / Announcements › PHP and MySQL › "get_magic_quotes_gpc"

"get_magic_quotes_gpc"

Thread began 10/10/2019 4:17 pm by Stan | Last modified 10/14/2019 10:15 am by Ray Borduin | 1838 views | 5 replies |

10/10/2019 4:17 pm | #1 Stan

"get_magic_quotes_gpc"

As I continue to ready site for php7, I'm wondering what the best replacement is for "get_magic_quotes_gpc"

10/11/2019 9:12 am | #2 Ray BorduinWebAssist

You shouldn't need that. It has been removed, so you shouldn't need to account for it. If you gave me an example in context then I could tell you more, but in general it just won't be necessary anymore. It will always be false, so wherever you used to have it, you could just hard code: false, if not delete it entirely.

Did this help? Tips are appreciated...

10/11/2019 10:17 am | #3 Stan

Example where this is being used. I believe this is old power store code. It is scattered through the pages usually in less clear situations. I can get other examples if you'd like?

$colname1_rsBIBinventory = (get_magic_quotes_gpc()) ? $_POST['BPeCart6_1_SizeID_Add'] : addslashes($_POST['BPeCart6_1_SizeID_Add']);
$colname2_rsBIBinventory = (get_magic_quotes_gpc()) ? $_POST['BPeCart6_1_ColorID_Add'] : addslashes($_POST['BPeCart6_1_ColorID_Add']);
$colname3_rsBIBinventory = (get_magic_quotes_gpc()) ? $_POST['BPeCart6_1_Option1ID_Add'] : addslashes($_POST['BPeCart6_1_Option1ID_Add']);

10/11/2019 11:42 am | #4 Ray BorduinWebAssist

These are lines of code associated with MySQL recordsets.... The code will be rewritten and the references to get_magic_quotes_gpc will be removed once they are updated ty MySQLi for php7.

Did this help? Tips are appreciated...

10/11/2019 12:24 pm | #5 Stan

Here is the previously updated recordset. My understanding is that the get_magic_quotes_gpc and "addslashes" were for security reasons. They are no longer necessary with mysqli? Can the complete line "$colname1_rsBIBinventory = ( get_magic_quotes_gpc() ) ? $_POST[ 'BPeCart6_1_SizeID_Add' ] : addslashes( $_POST[ 'BPeCart6_1_SizeID_Add' ] );" safely be deleted after the recordset uses mysqli?

$colname1_rsBIBinventory = ( get_magic_quotes_gpc() ) ? $_POST[ 'BPeCart6_1_SizeID_Add' ] : addslashes( $_POST[ 'BPeCart6_1_SizeID_Add' ] );
becomes:
$colname1_rsBIBinventory = $_POST[ 'BPeCart6_1_SizeID_Add' ] ;

For reference:
$query_rsBIBinventory = sprintf( "SELECT * FROM product_inventory WHERE ProductID = 23 and SizeID = %s and ColorID = %s and Option1 = %s", GetSQLValueString( $colname1_rsBIBinventory, "int" ), GetSQLValueString( $colname2_rsBIBinventory, "int" ), GetSQLValueString( $colname3_rsBIBinventory, "int" ) ); //make the query string
$rsBIBinventory = $conn_dbi->query( $query_rsBIBinventory );
$row_rsBIBinventory = $rsBIBinventory->fetch_assoc();

10/14/2019 10:15 am | #6 Ray BorduinWebAssist

It will be removed when the recordset is updated to MySQLi and it will not be necessary since that protection is built in with the use of parameterized SQL statements.

Did this help? Tips are appreciated...

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now. Build a store, a gallery, or a web-based email solution.