PHP magic_quotes_gpc mainly works on the WEB client server. Its action time starts from the request. Next, we will explain how to use it in detail.
AD:
What we want to introduce to you today is the specific use of PHP magic_quotes_gpc. Everyone knows that there is a special function magic function in PHP, which only takes effect when $_GET, $_POST, $_COOKIE is passed during the reference process.
•Correct use of PHP function preg_split
•Interpretation of the specific use of PHP function explode()
•The difference between PHP function implode() and explode() functions
•PHP classes How CMS automatically obtains keywords
•Discuss how PHP function split() uses regular expressions to cut
1.
Condition: PHP magic_quotes_gpc=off
The string written to the database has not been filtered in any way. The string read from the database is not processed in any way.
Data: $data="snow"''sun"; (There are four consecutive single quotes between snow and sun).
Operation: Write the string: "snow"''sun" into the database ,
Result: A sql statement error occurred, mysql could not successfully complete the sql statement, and failed to write to the database.
Database saving format: No data.
Output data format: No data.
Note: Unprocessed single quotes will cause errors in sql statements when written to the database.
2.
Condition: PHP magic_quotes_gpc=off
The string written to the database is processed by the function addlashes(). The string read from the database is not processed in any way.
Data: $data="snow"''sun"; (There are four consecutive single quotes between snow and sun).
Operation: Write the string: "snow"''sun" into the database ,
Result: The sql statement was successfully executed and the data was successfully written into the database
Database saving format: snow”''sun (same as input)
Output data format: snow”''sun (same as input)
Note: The addslashes() function converts single quotes into 'escape characters so that the sql statement can be successfully executed.
But ' is not stored in the database as data. The database saves snow"''sun instead of The snow''''sun we imagined
3.
Condition: PHP magic_quotes_gpc=on
The string written to the database has not been processed in any way. The string read from the database is not processed in any way.
Data: $data="snow"''sun"; (There are four consecutive single quotes between snow and sun).
Operation: Write the string: "snow"''sun" into the database ,
Result: The sql statement was successfully executed and the data was successfully written into the database
Database saving format: snow”''sun (same as input)
Output data format: snow”''sun (same as input)
Note: PHP magic_quotes_gpc=on converts single quotes into 'escape characters so that the sql statement can be successfully executed.
But ' is not entered into the database as data. The database saves snow"''sun instead of us. Imaginary snow''''sun.
4.
Condition: PHP magic_quotes_gpc=on
The string written to the database is processed by the function addlashes(). The string read from the database is not processed in any way.
Data: $data="snow"''sun"; (There are four consecutive single quotes between snow and sun).
Operation: Write the string: "snow"''sun" into the database ,
Result: The sql statement was successfully executed and the data was successfully written to the database
Database saving format: snow''''sun (escape characters added)
Output data format: snow''''sun ( Escape characters added)
Description: PHP magic_quotes_gpc=on converts single quotes into 'escape characters so that the sql statement can be successfully executed.
addslashes converts single quotes about to be written into the database into ', the latter The conversion is written into the
database as data, and the database saves snow''''sun
The summary is as follows:
1. For the case of PHP magic_quotes_gpc=on,
We can not
addslashes the string data of the input and output databases () and stripslashes() operations, the data will be displayed normally.
If you perform addslashes() on the input data at this time,
then you must use stripslashes() to remove excess backslashes when outputting.
2. For the case of PHP magic_quotes_gpc=off
must use addslashes() to process the input data, but there is no need to use stripslashes() to format the output
because addslashes() The backslash is not written to the database together, it just helps mysql complete the execution of the sql statement.
Supplement:
PHP magic_quotes_gpc scope is: WEB client server; action time: when the request starts, such as when the script is running.
magic_quotes_runtime scope: data read from a file or the result of executing exec() or obtained from a SQL query; action time: every time the script accesses the data generated in the running state
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
