Home Backend Development PHP Tutorial Detailed use of PHP magic_quotes_gpc_PHP tutorial

Detailed use of PHP magic_quotes_gpc_PHP tutorial

Jul 15, 2016 pm 01:30 PM
MAG magic php quotes introduce Instructions us yes condition of detailed

What we want to introduce to you today is 1.
Condition: PHP magic_quotes_gpc=off
The string written to the database has not been filtered in any way. The string read from the database is not processed in any way.

Data: $data="snow"''sun"; (There are four consecutive single quotes between snow and sun).

Operation: Change the string: "snow"' 'sun" is written to the database,

Result: SQL statement error occurs, mysql cannot successfully complete the SQL statement, and writing to the database fails.

Database saving format: No data.

Output data format: No data.

Note: Unprocessed single quotes will cause SQL statement errors when written to the database.

2.
Condition: PHP magic_quotes_gpc=off
The string written to the database is processed by the function addlashes(). The string read from the database is not processed in any way.

Data: $data="snow"''sun"; (There are four consecutive single quotes between snow and sun).

Operation: Change the string: "snow"' 'sun" is written to the database,

Result: The sql statement is executed smoothly and the data is successfully written to the database

Database saving format: snow"''sun (same as input)

Output data format: snow"''sun (same as input)

Explanation: The addslashes() function converts single quotes into ' escape characters so that the sql statement can be executed successfully,
but ' does not As data is stored in the database, the database saves snow''''sun and not the snow''''sun we imagined

3.
Conditions: PHP magic_quotes_gpc=on
Write to the database The string has not been processed in any way. The string read from the database has not been processed in any way: $data="snow"''sun"; (There are four consecutive characters between snow and sun. Single quote).

Operation: Write the string: "snow"''sun" into the database,

Result: The sql statement is executed smoothly, and the data is successfully written into the database

Database saving format: snow”''sun (same as input)

Output data format: snow”''sun (same as input)

Instructions: PHP magic_quotes_gpc=on will single quotes The escape character converted to ' causes the sql statement to be executed successfully,

but ' is not entered into the database as data. The database saves snow''''sun instead of snow''''sun as we imagined.


4.

Condition: PHP magic_quotes_gpc=on

The string written to the database is processed by the function addlashes(). The string read from the database is not processed in any way.

Data: $data="snow"''sun"; (There are four consecutive single quotes between snow and sun).

Operation: Change the string: "snow"' 'sun" is written to the database,

Result: The sql statement is executed smoothly and the data is successfully written to the database

Database saving format: snow''''sun (escape characters added)

Output data format: snow''''sun (with escape characters added)

Description: PHP magic_quotes_gpc=on converts single quotes into 'escape characters so that the sql statement can be executed successfully,

addslashes converts the single quotes that are about to be written into the database into ', and the latter conversion is written into the

database as data. The database saves snow''''sun

which is summarized as follows:

1. For PHP magic_quotes_gpc=on,


we can not perform

addslashes() and stripslashes() operations on the string data input and output from the database, and the data will be displayed normally.


If you perform addslashes() on the input data at this time,

then you must use stripslashes() to remove excess backslashes when outputting.


2. For the case of PHP magic_quotes_gpc=off

must use addslashes() to process the input data, but there is no need to use stripslashes() to format the output

because addslashes() The backslash is not written to the database together, it just helps mysql complete the execution of the sql statement.


Supplement:

PHP magic_quotes_gpc scope is: WEB client server; action time: when the request starts, such as when the script is running.

magic_quotes_runtime scope: data read from a file or the result of executing exec() or obtained from a SQL query; action time: every time the script accesses the data generated in the running state




http://www.bkjia.com/PHPjc/446297.html

truehttp: //www.bkjia.com/PHPjc/446297.htmlTechArticleWhat we want to introduce to you today is 1. Condition: PHP magic_quotes_gpc=off The string written to the database has not passed Any filtering process. The string read from the database is not processed in any way...
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian Dec 24, 2024 pm 04:42 PM

PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati

How To Set Up Visual Studio Code (VS Code) for PHP Development How To Set Up Visual Studio Code (VS Code) for PHP Development Dec 20, 2024 am 11:31 AM

Visual Studio Code, also known as VS Code, is a free source code editor — or integrated development environment (IDE) — available for all major operating systems. With a large collection of extensions for many programming languages, VS Code can be c

7 PHP Functions I Regret I Didn't Know Before 7 PHP Functions I Regret I Didn't Know Before Nov 13, 2024 am 09:42 AM

If you are an experienced PHP developer, you might have the feeling that you’ve been there and done that already.You have developed a significant number of applications, debugged millions of lines of code, and tweaked a bunch of scripts to achieve op

How do you parse and process HTML/XML in PHP? How do you parse and process HTML/XML in PHP? Feb 07, 2025 am 11:57 AM

This tutorial demonstrates how to efficiently process XML documents using PHP. XML (eXtensible Markup Language) is a versatile text-based markup language designed for both human readability and machine parsing. It's commonly used for data storage an

Explain JSON Web Tokens (JWT) and their use case in PHP APIs. Explain JSON Web Tokens (JWT) and their use case in PHP APIs. Apr 05, 2025 am 12:04 AM

JWT is an open standard based on JSON, used to securely transmit information between parties, mainly for identity authentication and information exchange. 1. JWT consists of three parts: Header, Payload and Signature. 2. The working principle of JWT includes three steps: generating JWT, verifying JWT and parsing Payload. 3. When using JWT for authentication in PHP, JWT can be generated and verified, and user role and permission information can be included in advanced usage. 4. Common errors include signature verification failure, token expiration, and payload oversized. Debugging skills include using debugging tools and logging. 5. Performance optimization and best practices include using appropriate signature algorithms, setting validity periods reasonably,

PHP Program to Count Vowels in a String PHP Program to Count Vowels in a String Feb 07, 2025 pm 12:12 PM

A string is a sequence of characters, including letters, numbers, and symbols. This tutorial will learn how to calculate the number of vowels in a given string in PHP using different methods. The vowels in English are a, e, i, o, u, and they can be uppercase or lowercase. What is a vowel? Vowels are alphabetic characters that represent a specific pronunciation. There are five vowels in English, including uppercase and lowercase: a, e, i, o, u Example 1 Input: String = "Tutorialspoint" Output: 6 explain The vowels in the string "Tutorialspoint" are u, o, i, a, o, i. There are 6 yuan in total

Explain late static binding in PHP (static::). Explain late static binding in PHP (static::). Apr 03, 2025 am 12:04 AM

Static binding (static::) implements late static binding (LSB) in PHP, allowing calling classes to be referenced in static contexts rather than defining classes. 1) The parsing process is performed at runtime, 2) Look up the call class in the inheritance relationship, 3) It may bring performance overhead.

What are PHP magic methods (__construct, __destruct, __call, __get, __set, etc.) and provide use cases? What are PHP magic methods (__construct, __destruct, __call, __get, __set, etc.) and provide use cases? Apr 03, 2025 am 12:03 AM

What are the magic methods of PHP? PHP's magic methods include: 1.\_\_construct, used to initialize objects; 2.\_\_destruct, used to clean up resources; 3.\_\_call, handle non-existent method calls; 4.\_\_get, implement dynamic attribute access; 5.\_\_set, implement dynamic attribute settings. These methods are automatically called in certain situations, improving code flexibility and efficiency.

See all articles