PHP magic_quotes_gpc_PHP tutorial-PHP Tutorial-php.cn

PHP magic_quotes_gpc_PHP tutorial

WBOY

Release： 2016-07-13 10:36:43

Original

835 people have browsed it

If you perform addslashes() on the input data at this time, you must use stripslashes() to remove excess backslashes when outputting. 2. For the case of PHP magic_quotes_gpc=off You must use addslashes() to process the input data, but you do not need to use stripslashes() to format the output, because addslashes() does not write the backslashes together into the database, but just helps mysql complete the execution of the sql statement. Replenish: PHP magic_quotes_gpc scope is: WEB client server; action time: when the request starts, such as when the script is running. magic_quotes_runtime Scope: Data read from a file or the result of executing exec() or obtained from a SQL query; Time of action: Every time the script accesses data generated in the running state example: 1. Condition: PHP magic_quotes_gpc=off Strings written to the database are not filtered in any way. The string read from the database is not processed in any way. Data: $data=”snow”’’sun”; (There are four consecutive single quotes between snow and sun). Operation: Write the string: “snow”’’sun” into the database, Result: A SQL statement error occurred. MySQL could not successfully complete the SQL statement and failed to write to the database. Database saving format: No data. Output data format: No data. Note: Unprocessed single quotes will cause SQL statement errors when written to the database. 2. Condition: PHP magic_quotes_gpc=off Data: $data=”snow”’’sun”; (There are four consecutive single quotes between snow and sun). Operation: Write the string: “snow”’’sun” into the database, Result: The sql statement was successfully executed and the data was successfully written to the database. Database saving format: snow”’’sun (same as input) Output data format: snow”’’sun (same as input) Description: The addslashes() function converts single quotes into 'escape characters so that the SQL statement can be executed successfully. But it’s not stored as data in the database. What the database saves is snow”’’sun, not the snow’’’’sun we imagined. 3. Conditions: PHP magic_quotes_gpc=on The string written to the database is not processed in any way. The string read from the database is not processed in any way. Data: $data=”snow”’’sun”; (There are four consecutive single quotes between snow and sun). Operation: Write the string: “snow”’’sun” into the database, Result: The sql statement was successfully executed and the data was successfully written to the database. Database saving format: snow”’’sun (same as input) Output data format: snow”’’sun (same as input) Description: PHP magic_quotes_gpc=on converts single quotes into ' escape characters so that the sql statement can be executed successfully. But it’s not entered into the database as data. What the database saves is snow’’’sun, not the snow’’’’sun we imagined. 4. Conditions: PHP magic_quotes_gpc=on Data: $data=”snow”’’sun”; (There are four consecutive single quotes between snow and sun). Operation: Write the string: “snow”’’sun” into the database, Result: The sql statement was successfully executed and the data was successfully written to the database. Database saving format: snow’’’’sun (escape characters added) Output data format: snow’’’’sun (escape characters added) Description: PHP magic_quotes_gpc=on converts single quotes into ' escape characters so that the sql statement can be executed successfully. addslashes converts the single quotes that are about to be written into the database into ', and the latter conversion is written as data Database, the database saves snow’’’’sun

Note:

This feature has been DEPRECATED as of PHP 5.3.0 andREMOVED as of PHP 5.4.0. So there is no reason to use magic quotes anymore as it is no longer part of PHP support. But it helps newbies write better (safer) code without even realizing it. But when working with code, it's better to change your code rather than rely on magic quotes being turned on.