Codex tools: Log in / create account
Contents |
Navigates through an array and removes slashes from the values.
If an array is passed, the array_map() function causes a callback to pass the value back to the function. The slashes from each value will be removed using the stripslashes() function.
<?php stripslashes_deep( $value ) ?>
You may want this function when developing your own PHP application intended to run within the WordPress environment. Specifically, your program needs to strip slashes when data arrives via $_POST, $_GET, $_COOKIE, and $_REQUEST arrays.
An example would be a "Contact Me" page and the ancillary program that sanitizes the user-supplied text. Such user inputs typically travel from an HTML <form method="post" ... > to your program by way of the $_POST array. stripslashes_deep(), in that case, could be used thus:
$_POST = array_map( 'stripslashes_deep', $_POST );
This example of stripslashes_deep() is recursive and will walk through the $_POST array even when some of the elements are themselves an array.
When you write program code for public distribution, you do not know ahead of time if the target server has magic quotes enabled. It is, therefore, best coding practice for your program to check for magic quotes and strip slashes if need be. It is worth knowing that stripslashes_deep() does not check for the presence of slashes. Your program would, most properly, test for and remove magic quote slashes.
One possible way to use stripslashes_deep() is this:
if ( get_magic_quotes_gpc() ) {
$_POST = array_map( 'stripslashes_deep', $_POST );
$_GET = array_map( 'stripslashes_deep', $_GET );
$_COOKIE = array_map( 'stripslashes_deep', $_COOKIE );
$_REQUEST = array_map( 'stripslashes_deep', $_REQUEST );
}
Since: 2.0.0
stripslashes_deep() is located in wp-includes/formatting.php.