Introduction to the usage of the PHP get_magic_quotes_gpc() function

WBOY
Release: 2016-07-20 11:03:28

The role of the magic_quotes_gpc setting in PHP is to examine and process the data submitted by the user (POST, GET, and cookie data) and add the escape character "\" to it, so that special characters in this data do not cause fatal errors in the program, especially in database statements.

When magic_quotes_gpc=On, characters in the input data such as single quote ('), double quote ("), backslash (\) and NUL (the NULL character) are escaped with a backslash. These escapes are necessary. If this option is off, then we must call the addslashes function to add escapes to the string.

Precisely because of this contradiction (the option needs to be On, yet users are allowed to configure it), this option has been deleted in PHP6, and all code must be written to run under magic_quotes_gpc=Off. In such an environment, if the user's data is not escaped, the consequences are not just program errors; it also creates the risk of database injection attacks. So from now on, no one should rely on this setting being On, lest one day your server is updated to PHP6 and your program stops working properly.

When magic_quotes_gpc=On, the function get_magic_quotes_gpc() will return 1

When magic_quotes_gpc=Off, the function get_magic_quotes_gpc() will return 0


So the get_magic_quotes_gpc() function simply returns the value of the magic_quotes_gpc configuration setting. Since the magic_quotes_gpc option has been deleted in PHP6, I think this function no longer exists in PHP6.

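// Prepare the value $c for use in an SQL statement according to its type $t.
function SQLString($c, $t){
 // Add escapes only when magic_quotes_gpc has not already added them
 $c=(!get_magic_quotes_gpc())?addslashes($c):$c;
 switch($t){
  case 'text':
   // Quoted string, or NULL when the value is empty
   $c=($c!='')?"'".$c."'":'NULL';
   break;
  case 'search':
   // Quoted pattern wrapped in wildcards
   $c="'%%".$c."%%'";
   break;
  case 'int':
   // Force an integer, defaulting to 0
   $c=($c!='')?intval($c):'0';
   break;
 }
 return $c;
}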

The SQLString function above checks get_magic_quotes_gpc() to find out whether magic quotes are enabled, which tells us whether we need to call the addslashes function ourselves.

Correct ways to prevent database attacks

<?php
function check_input($value)
{
    // Remove the slashes added by magic_quotes_gpc
    if (get_magic_quotes_gpc())
    {
        $value = stripslashes($value);
    }
    // If it is not a number, escape it and add quotes
    if (!is_numeric($value))
    {
        $value = "'" . mysql_real_escape_string($value) . "'";
    }
    return $value;
}

$con = mysql_connect("localhost", "hello", "321");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}

// Perform secure SQL
$user = check_input($_POST['user']);
$pwd = check_input($_POST['pwd']);
$sql = "SELECT * FROM users WHERE user=$user AND password=$pwd";
mysql_query($sql);
mysql_close($con);
?>
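
The same login lookup with the values bound as query parameters instead of being quoted and escaped by hand, as an added example that is not part of the original article. raw_input() and find_user() are hypothetical helper names, and PDO with an in-memory SQLite database is an assumption that replaces the article's mysql_* connection so the sample runs offline.

```php
<?php
// Added example, not the article's code. raw_input() and find_user()
// are hypothetical names; the table and inputs below are constructed.

// Return the value as the user sent it: strip the backslashes that
// magic_quotes_gpc=On would have added. function_exists() keeps this
// working on PHP builds where get_magic_quotes_gpc() is not defined.
function raw_input($value)
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Look up a user with bound parameters. The driver transmits the values
// separately from the SQL text, so no addslashes() or manual quoting is needed.
function find_user(PDO $db, $user, $pwd)
{
    $stmt = $db->prepare(
        'SELECT user FROM users WHERE user = :user AND password = :pwd'
    );
    $stmt->execute(array(':user' => raw_input($user), ':pwd' => raw_input($pwd)));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Table layout mirrors the article's query (user, password).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user TEXT, password TEXT)');
$db->exec("INSERT INTO users VALUES ('hello', '321')");
$db->exec("INSERT INTO users VALUES ('o''brien', 'x')");

// Constructed inputs standing in for $_POST['user'] and $_POST['pwd'].
$cases = array(
    array('hello', '321'),          // valid login
    array("o'brien", 'x'),          // legitimate quote inside a name
    array('hello', "' OR '1'='1"),  // quote characters aimed at the WHERE clause
);
foreach ($cases as $case) {
    list($user, $pwd) = $case;
    $rows = find_user($db, $user, $pwd);
    printf("%-8s / %-12s -> %d row(s)\n", $user, $pwd, count($rows));
}
```

Because the values are bound, the quote characters in the third input are compared as literal password text and never become part of the SQL statement.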

source:php.cn