Detailed explanation of PHP function: magic_quotes

Detailed explanation of PHP function: magic_quotes_gpc()

WBOY

Release： 2016-07-25 08:46:40

Original

2453 people have browsed it

Get the value of PHP environment variable magic_quotes_gpc, which is a PHP system function.

Syntax: long get_magic_quotes_gpc(void);

Return value: long integer

What does this function do?

This function gets the value of the variable magic_quotes_gpc (GPC, Get/Post/Cookie) in the PHP environment configuration. Returning 0 means turning off this function; returning 1 means turning this function on. When magic_quotes_gpc is turned on, all ' (single quotes), ” (double quotes), (backslashes) and null characters will automatically be converted to overflow characters containing backslashes.

in the php configuration file There is a Boolean setting, magic_quotes_runtime. When it is turned on, most of PHP's functions automatically add backslashes to overflow characters in data imported from the outside (including databases or files). Of course, if they are given repeatedly. If you add a backslash to the overflow character, there will be multiple backslashes in the string, so you need to use set_magic_quotes_runtime() and get_magic_quotes_runtime() to set and detect the magic_quotes_runtime status in the php.ini file. In order to ensure that your program can execute normally regardless of the server settings, you can use get_magic_quotes_runtime to detect the status of the setting at the beginning of the program to determine whether to process it manually, or use set_magic_quotes_runtime(0) at the beginning (or when automatic escaping is not required). Turn off this setting.

magic_quotes_gpc sets whether to automatically add backslashes to the '" in the data sent by GPC (get, post, cookie). System settings can be detected using get_magic_quotes_gpc(). If this setting is not turned on, you can use the addslashes() function to add it. Its function is to add backslashes before certain characters when required in database query statements. These characters are single quotes ('), double quotes ("), backslash () and NUL (NULL character).

General usage is as follows:

if(!get_magic_quotes_gpc()){ addslashes( $prot);}

In the introduction of string addslashes (string str), there is a sentence explaining the usage and function of get_magic_quotes_gpc. By default, the PHP instruction magic_quotes_gpc is on, which is mainly for all GET, POST and COOKIE data automatically run addslashes(). Do not use addslashes() on strings that have been escaped by magic_quotes_gpc, because this will cause double-level escaping. You can use the function get_magic_quotes_gpc() to detect this situation.

In fact, this function is to determine whether PHP has automatically called addslashes. This function:

最土团购系统里的magic_gpc

define('SYS_MAGICGPC', get_magic_quotes_gpc());
$_POST = magic_gpc($_POST);
function magic_gpc($string) {
if(SYS_MAGICGPC) {
if(is_array($string)) {
foreach($string as $key => $val) {
$string[$key] = magic_gpc($val);
}
} else {
$string = stripslashes($string);
}
}
return $string;
}
echo 'get_magic_quotes_gpc的值: '.get_magic_quotes_gpc();
echo '
';
echo '直接输出POST变量: '.$_POST['nowamagic'];
echo '
';
echo '经过magic_gpc处理: '.magic_gpc($_POST['nowamagic']);
?>

复制代码

程序输出：

Value of get_magic_quotes_gpc: 1 Directly output POST variable: no'wamagic.net Processed by magic_gpc: no'wamagic.netAnother example:

echo 'get_magic_quotes_gpc: '.get_magic_quotes_ gpc( ; : '.addslashes($_POST['nowamagic']);
$nowamagic amagic;
?>
" " name="nowamagic" value="no'wamagic.net">
Copy code
Program output:
get_magic_quotes_gpc: 1 Direct output POST variable: no'wamagic.netaddslashes: no'wa\magic.net Post-processing output: no'wamagic.net
Basic knowledge