Hudzilla.org - the homepage of Paul Hudson

7.4.4     Data handling summary

This is NOT the latest copy of this book; click here for the latest version.

Nearly everyone will find that it is best to stick with the default settings and use the superglobals - not only is it the recommended way, but it is also the most secure, and will guarantee your code will work on other machines without the need to edit the php.ini file.

Nevertheless, it is important to have a good understanding of what other code is out there in the wild - there are usually several methods to accomplish the same task in PHP, so you should be ready for anything!






Comments from other readers
janmat_p@hotmail.com - 06 Sep 2008

Good Site

Paolo Dodet/paolo@sensoincomum.com - 06 Sep 2008

Hi there,

I found your online manual absolutely fantastic. I would really like to tell you how much I have appreciated this whole thing of yours. On the other hand, as for the magic quotes, I prefer to let them off as default, and insert this, in my scripts:

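    // Undo magic quotes once, before any other processing of the input.
    // Applies to top-level string values; stripslashes() does not accept arrays.
    if (get_magic_quotes_gpc()) {
        $_GET = array_map('stripslashes', $_GET);
        $_POST = array_map('stripslashes', $_POST);
        $_COOKIE = array_map('stripslashes', $_COOKIE);
    }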

As you can understand, it only backlashes the input from forms if I use this before any processing of the input is made, this is, leaving all the other inputs having quotes as they wish, not at all bothered by this.

I found it a practical way to solve a problem of security which would be left unresolved leaving magic quotes "on".

Best Regards

Paolo

singpolyma AT homail.com - 06 Sep 2008

I would just like to say that sometimes using the superglobals can be a pain in the butt. Like if you have a script that needs to be able to accept the same input via either POST or GET then it takes twice the code to use the superglobals as it does to use registered globals.
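
Added example, not part of the original page or of the comments above: one way to accept the same field through either POST or GET while still reading only from the superglobals, with magic quotes undone recursively so array fields are handled too. The function names strip_deep() and request_param() are hypothetical, and the sample request is constructed for illustration.

```php
<?php
// Added example; strip_deep() and request_param() are hypothetical names.

// Undo magic quotes on a value, recursing into arrays (e.g. tags[]=a&tags[]=b).
function strip_deep($value)
{
    return is_array($value) ? array_map('strip_deep', $value) : stripslashes($value);
}

// Read one named parameter from POST first, then GET. Cookies and
// auto-registered globals are never consulted, so a visitor cannot
// set a script variable just by adding it to the request.
function request_param($name, $default = null)
{
    foreach (array($_POST, $_GET) as $source) {
        if (isset($source[$name])) {
            $value = $source[$name];
            // get_magic_quotes_gpc() was removed in PHP 8.0, so guard the call;
            // @ hides the deprecation notice PHP 7.4 raises for it.
            if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
                $value = strip_deep($value);
            }
            return $value;
        }
    }
    return $default;
}

// Constructed sample request: the fields arrive via GET this time.
$_GET  = array('page' => '3', 'tags' => array('php', 'forms'));
$_POST = array();

// Each value is fetched by name and cast or checked to the type the script expects.
$page = (int) request_param('page', 1);
$tags = request_param('tags', array());
if (!is_array($tags)) {
    $tags = array($tags);
}

// A value the form never sent falls back to the script's own default.
$isAdmin = request_param('admin', false);

var_dump($page, $tags, $isAdmin);
```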


