How can I replicate magic_quotes functionality in a XAMPP PHP7.4 server?

Question

First of all, I understand that magic_quotes causes all kinds of problems and has no place in modern PHP. I'm in a very specific situation where I've upgraded XAMPP from PHP 5 to PHP 7.4 for an intranet site comprised of more than 5000 files. Suddenly, all kinds of SQL INSERT queries are breaking when the user-generated string has single or double quotes in it. It's in no way feasible for me to go through and wrap every variable across these 5000 files with the add_slashes function, so I need to come up with some way to globally apply the same logic that magic_quotes did. Any suggestions?

Answer 1

You really need to update this application How can I prevent SQL injection in PHP?. However, I am pretty sure that's not going to happen. So, in a header file or one that is included before any database operation (auto_prepend_file maybe), just map the superglobals to addslashes. You can add $_COOKIE if needed:

$_POST = array_map('addslashes', $_POST);
$_GET  = array_map('addslashes', $_GET);

Obviously this won't handle multidimensional arrays so you'll have to use a recursive function:

function addslashes_recursive($v) {
    $v = is_array($v) ? array_map('addslashes_recursive', $v) : addslashes($v);    
    return $v;
}

$_POST = addslashes_recursive($_POST);
$_GET  = addslashes_recursive($_GET);