Magic quotes take effect on data passed in through $_GET, $_POST and $_COOKIE
1.
Condition: magic_quotes_gpc=off
The string written to the database has not been filtered in any way. The string read from the database is not processed in any way.
Data: $data="snow''''sun"; (There are four consecutive single quotes between snow and sun).
Operation: Write the string "snow''''sun" to the database.
Result: An SQL statement error occurred; MySQL could not complete the SQL statement, and the write to the database failed.
Database saving format: No data.
Output data format: No data.
Note: Unprocessed single quotes cause errors in SQL statements when written to the database.
2.
Condition: magic_quotes_gpc=off
The string written to the database is processed by the function addslashes(). The string read from the database is not processed in any way.
Data: $data="snow''''sun"; (There are four consecutive single quotes between snow and sun).
Operation: Write the string "snow''''sun" to the database.
Result: The SQL statement was executed successfully and the data was written to the database.
Database saving format: snow''''sun (same as input)
Output data format: snow''''sun (same as input)
Note: The addslashes() function converts each single quote into the escape sequence \' so that the SQL statement can be executed successfully.
But the \ is not stored in the database as data. The database saves snow''''sun, not the snow\'\'\'\'sun we might imagine.
3.
Condition: magic_quotes_gpc=on
The string written to the database is not processed in any way. The string read from the database is not processed in any way.
Data: $data="snow''''sun"; (There are four consecutive single quotes between snow and sun).
Operation: Write the string "snow''''sun" to the database.
Result: The SQL statement was executed successfully and the data was written to the database.
Database saving format: snow''''sun (same as input)
Output data format: snow''''sun (same as input)
Explanation: magic_quotes_gpc=on converts each single quote into the escape sequence \' so that the SQL statement can be executed successfully.
But the \ is not entered into the database as data. The database saves snow''''sun, not the snow\'\'\'\'sun we might imagine.
4.
Condition: magic_quotes_gpc=on
The string written to the database is processed by the function addslashes(). The string read from the database is not processed in any way.
Data: $data="snow''''sun"; (There are four consecutive single quotes between snow and sun).
Operation: Write the string "snow''''sun" to the database.
Result: The SQL statement was executed successfully and the data was written to the database.
Database saving format: snow\'\'\'\'sun (escape characters added)
Output data format: snow\'\'\'\'sun (escape characters added)
Description: magic_quotes_gpc=on converts each single quote into the escape sequence \' so that the SQL statement can be executed successfully.
addslashes() then converts the single quotes about to be written to the database into \' again. This latter conversion is written into the
database as data, and the database saves snow\'\'\'\'sun.
The summary is as follows:
1. For the case of magic_quotes_gpc=on,
we do not need to apply addslashes() and stripslashes() to string data going into and out of the database,
and the data will be displayed normally.
If you do apply addslashes() to the input data in this case,
then you must use stripslashes() to remove the excess backslashes when outputting.
2. For the case of magic_quotes_gpc=off,
addslashes() must be used to process the input data, but there is no need to use stripslashes() to format the output,
because addslashes() does not write the backslashes into the database along with the data; it only helps MySQL complete the execution of the SQL statement.
Supplementary:
magic_quotes_gpc scope: the web client/server side; time of action: when the request starts, for example when the script runs.
magic_quotes_runtime scope: data read from a file, the result of executing exec(), or data obtained from an SQL query; time of action: every time the script accesses data generated at run time.
============ The difference and usage of magic_quotes_gpc and magic_quotes_runtime ============
PHP provides two magic quote settings, magic_quotes_gpc and magic_quotes_runtime, that make it convenient to quote data. If such a setting is On in php.ini, PHP automatically adds a backslash in front of single quotes ', double quotes " and backslashes \ in the data concerned, escaping these symbols for us so that data operations run correctly. However, under different versions of PHP or different server configurations, magic_quotes_gpc and magic_quotes_runtime are sometimes on and sometimes off, so the programs we write must work under both on and off conditions. So what is the difference between magic_quotes_gpc and magic_quotes_runtime? See the description below:
magic_quotes_gpc
Scope: the web client/server side;
Time of action: when the request starts, for example when the script runs.
magic_quotes_runtime
Scope: data read from a file, the result of executing exec(), or data obtained from an SQL query;
Time of action: every time the script accesses data generated at run time.
So:
The value of magic_quotes_gpc affects the data obtained through Get/Post/Cookies.
The value of magic_quotes_runtime affects the data read from a file or obtained from a database query.
Example:
Code:
<?php
/* Suppose we enter these symbols in the form: ' " \
   If magic_quotes_gpc is not turned on, they will not be escaped with backslashes. */
echo 'The value passed through POST now is: ', $_POST['str'], '<br />';
if (get_magic_quotes_gpc()) { // magic_quotes_gpc is on: the value is already escaped
    $str = $_POST['str'];
} else { // magic_quotes_gpc is off: escape with addslashes()
    $str = addslashes($_POST['str']);
}
echo 'Here is the escaped version: ', $str, '<br />';
The most critical difference is the two points mentioned above: the two settings act on different data.
The value of magic_quotes_gpc affects the data obtained through Get/Post/Cookies.
The value of magic_quotes_runtime affects the data read from a file or obtained from a database query.
Here are a few related functions:
set_magic_quotes_runtime():
Sets the magic_quotes_runtime value. 0 = off, 1 = on. The default state is off. You can view magic_quotes_runtime through echo phpinfo();
get_magic_quotes_gpc():
Returns the magic_quotes_gpc value. 0 = off, 1 = on.
get_magic_quotes_runtime():
Returns the magic_quotes_runtime value. 0 = off, 1 = on.
Note that there is no set_magic_quotes_gpc() function; that is, the value of magic_quotes_gpc cannot be set from within the program.
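Added example, not code from the original page: one way to meet the "must work under both on and off" requirement is to undo magic-quote escaping once at the input boundary and hand the value to the database as a bound parameter instead of calling addslashes(). It assumes the pdo_sqlite extension, a hypothetical table named notes, and a $magicQuotesOn flag supplied by the caller, because magic quotes were removed in PHP 5.4.0 and get_magic_quotes_gpc() no longer exists in PHP 8.

```php
<?php
// Added example (not from the original page). Requires the pdo_sqlite extension.
// $magicQuotesOn is passed in explicitly so the script also runs on PHP versions
// where magic quotes no longer exist; the table name "notes" is hypothetical.

/** Undo magic_quotes_gpc escaping, recursing into arrays such as $_POST['a']['b']. */
function undo_magic_quotes($value, bool $magicQuotesOn)
{
    if (!$magicQuotesOn) {
        return $value;
    }
    return is_array($value)
        ? array_map(fn($v) => undo_magic_quotes($v, true), $value)
        : stripslashes($value);
}

/** Store one string through a bound parameter and return what the database saved. */
function round_trip(PDO $db, string $value): string
{
    $db->exec('DELETE FROM notes');
    $stmt = $db->prepare('INSERT INTO notes (body) VALUES (:body)');
    $stmt->execute([':body' => $value]);
    return $db->query('SELECT body FROM notes')->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (body TEXT)');

$typed = "snow''''sun"; // the page's test string: four consecutive single quotes
$requests = [
    'magic_quotes_gpc=off' => [false, $typed],
    // addslashes() here emulates what PHP would hand the script with magic quotes on
    'magic_quotes_gpc=on'  => [true, addslashes($typed)],
];

foreach ($requests as $label => [$on, $received]) {
    $clean  = undo_magic_quotes($received, $on);
    $stored = round_trip($db, $clean);
    printf("%-21s received=%s stored=%s match=%s\n",
        $label, $received, $stored, var_export($stored === $typed, true));
}

// Skipping the undo step while magic quotes are on stores the backslashes as data,
// the same stored value as case 4 on the page.
printf("not normalised:       stored=%s\n", round_trip($db, addslashes($typed)));
```

With a bound parameter the database never parses the value as part of the SQL text, so the quotes need no escaping in either configuration and the stored value equals what the user typed.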