StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POWhen does filter_input() remove slashes of POST variables?
primarykey
Id
9533122
data
AcceptedAnswerId
0
AnswerCount
2
ClosedDate
CommentCount
0
CommunityOwnedDate
CreationDate
2012-03-02T12:16:03.550
FavoriteCount
0
LastActivityDate
2014-07-24T13:47:24.507
LastEditDate
2013-11-02T18:53:32.747
LastEditorUserId
1711796
OwnerUserId
771077
ParentId
0
PostTypeId
1
Score
2
ViewCount
1189
LastEditorDisplayName
text
Body
<p>I created a small PHP-script, that runs on a server with PHP 5.2.17 and the <code>magic_quotes_gpc</code> directive enabled.</p> <p>I have no write-access to the php.ini file, and I'd like to remove all slashes from user inputs.</p> <p>This should work even if the <code>magic_quotes_gpc</code> directive is turned off (for example when moving the scripts to another server).</p> <p>It should also work recursively when arrays are submitted by the user.<br> I prefer using a built in-function.</p> <pre><code><html> <head> <title>HP</title> </head> <body> <form method="POST" action="magic.php"> <input type="text" value="te\\&quot;st" name="test1"> <input type="text" value="te\\&quot;st" name="test2[tw&quot;o]"> <input type="submit" value="submit"> </form> <?php echo "<pre>"; echo "magic_quotes: ".get_magic_quotes_gpc()."\n"; echo "<hr>test1"; echo "filter_input: ".filter_input(INPUT_POST, "test1")."\n"; echo "POST: ".$_POST['test1']."\n"; echo "<hr>test2 (filter)"; print_r(filter_input_array(INPUT_POST))."\n"; echo "<hr>test2 (post)"; print_r($_POST)."\n"; echo "</pre>"; ?> </body> </html> </code></pre> <p>Which gives the following result on my server:</p> <pre><code>magic_quotes: 1 filter_input: te\\"st POST: te\\\\\"st test2 (filter)Array ( [test1] => te\\"st [test2] => Array ( [tw\"o] => te\\"st ) ) test2 (post)Array ( [test1] => te\\\\\"st [test2] => Array ( [tw\"o] => te\\\\\"st ) ) </code></pre> <p>It seems that except for the array keys the slashes are removed.</p> <p>Or are the slashes never added? (<code>filter_input()</code> and <code>filter_input_array()</code> might ignore the <code>magic_quotes_gpc</code> directive, since it is deprecated; but I could not find a reference for that)</p> <p>Is the behaviour for removing/not setting the slashes of <code>filter_input()</code> and <code>filter_input_array()</code> somehow dependent on system-parameters?<br> I don't understand the warning <a href="http://www.php.net/manual/en/filter.filters.sanitize.php" rel="nofollow">here</a>.</p>
Tags
<php><magic-quotes-gpc>
Title
When does filter_input() remove slashes of POST variables?
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USDukeling
UserOwnerUserId
1. USR_User
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. PL
  singulars
  LinkTypeLinkTypeId
  LTLinked
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
  singulars
  PostTypePostTypeId
  PTAnswer
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId
1. This table or related slice is empty.

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.