PHP get_magic_quotes_gpc () addslashes ()

Recently learned to learn PHP, see this piece of code

function Daddslashes ($STR) {
Return (!GET_MAGIC_QUOTES_GPC ())? Addslashes ($STR): $str;
}

Found GET_MAGIC_QUOTES_GPC ()) and addslashes () function is not familiar with, looked up the following information, as follows:

GET_MAGIC_QUOTES_GPC (); is to get the PHP environment variable MAGIC_QUOTES_GPC value. If the value is 1 o'clock, the switch is on, or if it is 0 o'clock, the configuration is off!

1. GET_MAGIC_QUOTES_GPC (); A value of 1 means open. Then PHP automatically adds the escape character "\" to the parameter values passed by the post, GET, and cookie to ensure the security of the data. In particular, prevent SQL injection.

2. GET_MAGIC_QUOTES_GPC (); a value of 0 means close. The PHP parser does not automatically add the escape character "\" for post, GET, and cookie-passed parameter values, then the Addslashes function is used to escape the parameter.

•  GET_MAGIC_QUOTES_GPC (), not open, filter parameters with addslashes function to prevent injection example:

  <?php

  $str = $_post[' str '];

  If (!GET_MAGIC_QUOTES_GPC ()) {//First not open

  $newStr =addslashes ($STR);//And then filter by Addslashes function

  }

  ?

  • addslashes () function adds a backslash before the specified predefined character.

    These predefined characters are:

    • single quote (')
    • double quotation mark (")
    • backslash (\)
    • NULL
  • By default, the PHP instruction MAGIC_QUOTES_GPC is on, for all GET, POST, and COO KIE data automatically runs Addslashes (). Do not use Addslashes () for strings that have been MAGIC_QUOTES_GPC escaped, because this results in double-layer escaping. You can use the function GET_MAGIC_QUOTES_GPC () to detect this situation.
  • It's pretty clear, so it's a collection!!!

Note: originated from the network

PHP get_magic_quotes_gpc () addslashes ()