Impact of magic_quotes_gpc on unserialize in php

Source: Internet
Author: User
This article mainly introduces the impact of magic_quotes_gpc on unserialize in php. It analyzes the impact of magic_quotes_gpc Security filtering on unserialize and its solution in the form of an instance.

This article mainly introduces the impact of magic_quotes_gpc on unserialize in php. It analyzes the impact of magic_quotes_gpc Security filtering on unserialize and its solution in the form of an instance.

This article analyzes the impact of magic_quotes_gpc on unserialize in php. Share it with you for your reference. The details are as follows:

Magic_quotes_gpc is a php function that adds some security filters to single double quotes. However, this function has some impact on our use of the unserialize function, next, let's take a look at several examples and solutions for this problem.

Yesterday, my friend asked me to help him solve the problem of the shopping cart program on his website. The program uses PHPCMS. It was good before changing the space. I just changed the space, the specific problem is that the system prompts that the shopping cart is successfully added to the shopping cart page, and the shopping cart is empty.

After reading the code, the general principle is to store the product ID and quantity in the array, serialize it, store it in the COOKIE, and deserialize the COOKIE on the shopping cart page, obtain the array and read the corresponding product information.

After debugging, the problem occurs on unserialize. I first wrote a code segment based on its shopping cart principle. The Code is as follows:

The Code is as follows:

<? Php
Header ("Content-type: text/html; charset = UTF-8 ");
$ Magic = get_magic_quotes_gpc ()? "Enabled": "disabled ";

$ Str = array ('goods _ id' => 13, 'number' => 1 ));
Setcookie ("cart", serialize ($ str ));
Echo "magic_quotes_gpc:". $ magic ."
";
Echo $ _ COOKIE ['cart']."
";
Print_r (unserialize ($ _ COOKIE ['cart']);
?>


You can run this code to find that when your magic_quotes_gpc is closed, the program runs normally. However, when magic_quotes_gpc is enabled, you will find that deserialization is not successful, then you may know where the problem is?

The reason is that when magic_quotes_gpc is enabled, the system will automatically escape the single quotes in the result of the post get cookie with \, so the value of $ _ COOKIE ['cart'] becomes: 1: {I: 0; a: 2: {s: 8: \ "goods_id \"; I: 13; s: 6: \ "number \"; I: 1;}. In this case, unserialize cannot be deserialized successfully, and a problem occurs.

The solution is simply to change unserialize ($ _ COOKIE ['cart']) to unserialize (stripslashes ($ _ COOKIE ['cart']), and add stripslashes before the COOKIE, remove the escape character.

Test the cookie impact:

1. Problem: project data needs to be serialized and stored in the cookie, and then the reverse sequence of the cookie data is obtained to obtain the original data. The Code is as follows:

The Code is as follows:

$ A [0] = array ("key" => "Haha ");
$ A [1] = array ("key" => "Haha ");
$ Jsona = json_encode ($ );
Setcookie ("testcookie ","");
Setcookie ("testcookie", $ jsona );
Var_dump ($ jsona, true); // normal value
Var_dump (json_decode ($ _ COOKIE ['testcookie '], true); // The value cannot be obtained.


If no value is assigned by the cookie, The deserialization is normal. After the cookie is passed, the obtained value is null.

2. Analyze the Code as follows:

The Code is as follows:

$ A [0] = array ("key" => "Haha ");
$ A [1] = array ("key" => "Haha ");
$ Jsona = json_encode ($ );
Var_dump ($ jsona); // string (50) "[{" key ":" \ u54c8 \ u903b "},{" key ": "\ u54c8 \ u903b"}]"
Setcookie ("testcookie ","");
Setcookie ("testcookie", $ jsona );
Var_dump ($ _ COOKIE ['testcooker']); // string (62) "[{\" key \ ": \" \ u54c8 \ u903b \"}, {\ "key \": \ "\ u54c8 \ u903b \"}]"
Var_dump (json_decode ($ _ COOKIE ['testcookie '], true ));


After comparing the data and processing the cookie, the Code is as follows:

The Code is as follows:

Var_dump (json_decode (stripslashes ($ _ COOKIE ['testcookie ']), true ));
Var_dump (json_decode (str_replace ("\", "", $ _ COOKIE ['testcookie ']), true ));


3. conclusion: When magic_quotes_gpc is enabled, data obtained through get | post | cookies will be affected. therefore, when we get | post | cookies process data, we first determine whether magic_quotes_gpc is enabled.

① When it is enabled, stripslashes is required to process data.

② If it is not enabled, accept the data first addslashes and process the data stripslashes

I hope this article will help you with PHP programming.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.