PHP: how to (correctly) remove escaped quotes in arrays when Magic Quotes are ON

Question

As you know when Magic Quotes are ON, single quotes are escaped in values and also in keys. Most solutions to remove Magic Quotes at runtime only unescape values, not keys. I'm seeking a solution that will unescape keys and values...

I found out on PHP.net this piece of code:

$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
while (list($key, $val) = each($process))
{
    foreach ($val as $k => $v)
    {
        unset($process[$key][$k]);
        if (is_array($v))
        {
            $process[$key][stripslashes($k)] = $v;
            $process[] = &$process[$key][stripslashes($k)];
        }
        else
        {
            $process[$key][stripslashes($k)] = stripslashes($v);
        }
    }
}
unset($process);

But I don't like "&" references and arrays as I got bugs like this one in the past...

Is there a "better" way to unescape Magic Quotes (keys and values) at runtime than the one above?

Answer 1

I think this is a little cleaner and avoids reference bugs:

function unMagicQuotify($ar) {
  $fixed = array();
  foreach ($ar as $key=>$val) {
    if (is_array($val)) {
      $fixed[stripslashes($key)] = unMagicQuotify($val);
    } else {
      $fixed[stripslashes($key)] = stripslashes($val);
    }
  }
  return $fixed;
}

$process = array($_GET,$_POST,$_COOKIE,$_REQUEST);
$fixed = array();
foreach ($process as $index=>$glob) {
  $fixed[$index] = unMagicQuotify($glob);
}
list($_GET,$_POST,$_COOKIE,$_REQUEST) = $fixed;