I am encountered with the situation where one of my old code is using get_magic_quotes_gpc()
which is deprecated in the latest PHP version 7.4.*
Currently, I have something like this.
Add Slashes
return get_magic_quotes_gpc() ? addslashes($string) : $string;
Remove Slashes
return get_magic_quotes_gpc() ? stripslashes($string) : $string;
Which is obviously giving error
Deprecated: Function get_magic_quotes_gpc() is deprecated
Question:
How can I fix it? So can work the same without using get_magic_quotes_gpc()
function?
2
Answers
You need to remove every mention of this function from your code and do not replace it with anything else.
get_magic_quotes_gpc()
has been useless ever since PHP 5.4.0. It would tell you whether you have magic quotes switched on in the configuration or not. Magic quotes were a terrible idea and this feature was removed for security reasons (PHP developers believed in magic & superstitions and wrote unsecure code).Most likely even you yourself do not know why you had this line of code in your project. I know I was fooled by it when I was learning PHP. The reality is you do not need it at all. This function has nothing to do with security and the concept of input sanitization is preposterous.
Instead, rely on good security guidelines.
htmlspecialchars()
to prevent XSS.Replace
get_magic_quotes_gpc()
withfalse
.Then simplify complex expressions by removing the unreachable branches. E.g.
becomes simply