1. When users log in or query data, their input may contain quotation marks and other symbols that change the meaning of an SQL statement (an SQL injection attack), which affects the operations performed in the database.
How should this case be handled?
Scheme: you can use addslashes and stripslashes.
addslashes escapes single quotes ('), double quotes ("), backslashes (\) and NULL (the NUL character) with a backslash.
stripslashes is the opposite of addslashes: it restores these escaped values.
2. Some PHP versions have the magic_quotes_gpc configuration, that is, automatic magic quotes: if this setting is turned on, the values in $_POST, $_COOKIE, and $_SESSION are escaped automatically, and we don't need to escape them ourselves.
What should we do in this case?
Answer: for the sake of compatibility and portability, we have to check the setting.
Look at the following code:
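<?php
$textarea = $_POST['textarea'] ?? '';
// get_magic_quotes_gpc() was removed in PHP 8.0; a missing function means magic quotes are off.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    // Message: magic quotes are on, $textarea does not need escaping
    echo '魔术引号以开启,$textarea不需要转义', '<br />';
} else {
    // Message: magic quotes are off, $textarea needs escaping
    echo '魔术引号未开启,$textarea需要转义', '<br />';
    $textarea = addslashes($textarea);
}
?>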
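An added example, not part of the original notes: it shows the addslashes()/stripslashes() round trip from point 1, undoes magic quotes when they are on (point 2), and then hands the value to the database as a bound parameter, so quotes in the input never become part of the SQL text. The `raw_value()` helper, the `users` table and the sample string are assumptions made for this example, and it needs the pdo_sqlite extension.

```php
<?php
// Added example: raw_value(), the users table and the sample string are
// assumptions for illustration. Requires the pdo_sqlite extension.

// Return the value as the user typed it, undoing magic quotes if they are on.
function raw_value(string $value): string
{
    // get_magic_quotes_gpc() was removed in PHP 8.0, so test for it first.
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Constructed sample input containing ', " and \.
$input = raw_value("O'Reilly said \"hi\" \\ bye");

// Point 1: addslashes() escapes, stripslashes() restores the original.
$escaped = addslashes($input);
echo 'escaped:  ', $escaped, PHP_EOL;
echo 'restored: ', stripslashes($escaped), PHP_EOL;
var_dump(stripslashes($escaped) === $input);

// Bound parameters: the value is sent separately from the SQL text, so no
// manual escaping is applied and quotes cannot alter the statement.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

$insert = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
$insert->execute([':name' => $input]);

$select = $pdo->prepare('SELECT name FROM users WHERE name = :name');
$select->execute([':name' => $input]);
$stored = $select->fetchColumn();

// The stored value is byte-for-byte what was submitted, with no backslashes added.
var_dump($stored === $input);
```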
<?php
// Escape HTML special characters before writing, so the stored markup is shown as text.
file_put_contents('01.txt', htmlspecialchars($_POST['textarea']));
echo file_get_contents('01.txt'), '<br />';
// Returns <script type="text/javascript"> while (true) { alert('a'); }; </script>
?>