First of all, I understand that magic_quotes causes all kinds of problems and has no place in modern PHP. I'm in a very specific situation where I've upgraded XAMPP from PHP 5 to PHP 7.4 for an intranet site comprised of more than 5000 files. Suddenly, all kinds of SQL INSERT queries are breaking when the user-generated string has single or double quotes in it. It's in no way feasible for me to go through and wrap every variable across these 5000 files with the add_slashes function, so I need to come up with some way to globally apply the same logic that magic_quotes did. Any suggestions?
You really need to update this application How can I prevent SQL injection in PHP?. However, I am pretty sure that's not going to happen. So, in a header file or one that is included before any database operation (auto_prepend_file maybe), just map the superglobals to addslashes. You can add $_COOKIE if needed:
$_POST = array_map('addslashes', $_POST);
$_GET = array_map('addslashes', $_GET);
Obviously this won't handle multidimensional arrays so you'll have to use a recursive function:
function addslashes_recursive($v) {
$v = is_array($v) ? array_map('addslashes_recursive', $v) : addslashes($v);
return $v;
}
$_POST = addslashes_recursive($_POST);
$_GET = addslashes_recursive($_GET);