Help with form (comprehension)


#1

Hello,

We have a subscribe form on our web site that posts the user submitted data to a script for validation.

The part of the script that I don’t fully understand is the following:

`<?php

// Block 1:

if (!get_magic_quotes_gpc())

// Block 2:

{
$email = addslashes($_POST['email']);
$radiofieldA = addslashes($_POST['v431']);
$textfieldA = addslashes($_POST['v552']);
$radiofieldB = addslashes($_POST['v104']);
$un = addslashes($_POST['unsubscribe']);
}

else

// Block 3:

{
$email = $_POST['email'];
$radiofieldA = $_POST['v431'];
$textfieldA = $_POST['v552'];
$radiofieldB = $_POST['v104'];
$un = $_POST['unsubscribe'];

// Block 4:

}

$email = stripslashes($_POST['email']);
$radiofieldA = stripslashes($_POST['v431']);
$textfieldA = stripslashes($_POST['v552']);
$radiofieldB = stripslashes($_POST['v104']);
$un = stripslashes($_POST['unsubscribe']);

}

?>
`

Can someone more experienced please explain to me what each block does in simple terms?

Thank you in advance.


#2

get_magic_quotes_gpc() is a function that checks the configuration (php.ini) and returns 0 if magic_quotes_gpc is off (otherwise it returns 1).

When magic_quotes are on, all ’ (single-quote), " (double quote), \ (backslash) and NULs are escaped with a backslash automatically. This is to prevent all sorts of injection security issues.

Nowadays, the current newer version of handling posted form data is to use the “filter_input()” function. You can uses special arguments for email addresses, numeric fields and others in this function. You can find more info on that in the php.net site or you can ask here and we can help.