Home > Backend Development > PHP Problem > How to turn off magic_quotes_gpc in php

How to turn off magic_quotes_gpc in php

藏色散人
Release: 2023-03-14 20:12:02
Original
3212 people have browsed it

php关闭magic_quotes_gpc的方法:1、将php.ini的“magic_quotes_gpc”设置为Off;2、在“.htaccess”里写入“php_value magic_quotes_gpc Off”。

How to turn off magic_quotes_gpc in php

本文操作环境:windows7系统、PHP7.1版、DELL G3电脑

php怎么关闭magic_quotes_gpc?

PHP6、PHP7关闭magic_quotes_gpc对程序的影响

在PHP5及之前,magic_quotes_gpc默认是开启的。magic_quotes_gpc的作用很微妙,我一直使用PHP5多年,magic_quotes_gpc呈开启状态,平时没有受到任何影响。直到发现PHP的Cookies,如果有'这样的标点符号,在Cookies里,会将这些符号全部转义为\'。

查阅了大量的资料,解决的办法是将php.ini的magic_quotes_gpc设置为Off,或者不改变php.ini,在.htaccess里将magic_quotes_gpc设置为Off,方法是在.htaccess里写入:

php_value magic_quotes_gpc Off
Copy after login

PHP6、PHP7的php.ini里没有magic_quotes_gpc的选项,实际呈关闭状态。magic_quotes_gpc关闭之后,为了加强安全,原来所有的$_POST['abc']和$_GET['abc']最好全部加上stripslashes()来转义,例如:

$aa=stripslashes($_POST['abc']);
$aa=stripslashes($_GET['abc']);
Copy after login

PHP关闭magic_quotes_gpc之后,有一个很特殊的影响。比如在post表单里,如果

发送的信息里恰好有反斜杠符\,如果是用stripslashes($_POST['abc'])来接收,反斜杠符会被全部删除。例如在重要的项目里,提交的内容为:W:\ac3\about,接收到的内容变为:W:ac3about。

(这个影响,有可能在本机的PHP下会删除反斜杠,有些服务器不会删除。)

经过测试,解决的办法是,这时去掉stripslashes,反斜杠符就不会被替换掉,例如:

$aa=$_POST['abc'];
Copy after login

但这样会带来不安全,解决的办法是把提交的信息里的<符转成<,例如:

$aa=str_replace(&#39;<&#39;,&#39;&lt;&#39;,$aa);
Copy after login

经过测试,如果发送的信息里有反斜杠符\,用$aa=stripslashes($_GET['abc'])接收,反斜杠符不受影响,不会被删除。

推荐学习:《PHP视频教程

The above is the detailed content of How to turn off magic_quotes_gpc in php. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
php
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template