Home > Backend Development > PHP Tutorial > Quickly master the principle of PHP quotation escape_PHP tutorial

Quickly master the principle of PHP quotation escape_PHP tutorial

WBOY
Release: 2016-07-15 13:35:09
Original
1044 people have browsed it

We are using

There are three settings in PHP that can automatically match ' (single quote), " (double quote), (backslash) and NULL characters Transfer.

PHP calls it magic quotes. These three settings are

magic_quotes_gpc

which affects HTTP request data (GET, POST and COOKIE). The default value in PHP is on.

magic_quotes_runtime

If turned on, most functions that obtain and return data from external sources, including databases and text files, will return The data will be backslash escaped. This option can be changed at runtime. The default value in PHP is off

magic_quotes_sybase

If turned on, single quotes will be used. PHP quote escapes single quotes instead of backslashes. This option completely overrides magic_quotes_gpc. If both options are turned on, single quotes will be escaped. Double quotes, backslashes, and NULL characters will not be escaped.

Although it is convenient to implement automatic PHP quotation mark escaping of special symbols, this will reduce the efficiency of the program and make the portability of the program cumbersome. If you don't know the server ini settings, you also need to call get_magic_quotes_gpc(), get_magic_quotes_runtime() or ini_get() to detect the status.

For example:

<ol class="dp-xml">
<li class="alt"><span><span>if (!get_magic_quotes_gpc()) {  </span></span></li>
<li>
<span>$</span><span class="attribute">lastname</span><span> = </span><span class="attribute-value">addslashes<br></span><span>($_POST['lastname']);  </span>
</li>
<li class="alt"><span>} else {  </span></li>
<li>
<span>$</span><span class="attribute">lastname</span><span> = $_POST['lastname'];  </span>
</li>
<li class="alt"><span>}   </span></li>
</ol>
Copy after login

Therefore, it is best to turn off PHP’s magic quotes, and manually use addslashes(), stripslashes() to escape and cancel PHP quote escapes according to the situation. You can learn from discuz and add set_magic_quotes_runtime(0); to the configuration file to cancel escaping.


www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/445921.htmlTechArticleWe have three settings in using PHP to automatically pair (single quotes), (double quotes), (reverse slash) and NULL characters are transferred. PHP calls it magic quotes. These three settings are...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template