This article analyses a security problem caused by PHP magic quotes (and by equivalent addslashes()-style escaping), which matters for secure coding. The culprit is the "\" character that the escaping prepends to a quote: when a string escaped this way is later read with an array-style offset, the result is that lone backslash. For example, consider the following code snippet:
// foo.php?xigr='ryat

// Escape a value (recursively for arrays) unless magic quotes already did so.
// get_magic_quotes_gpc() belongs to the PHP < 8 era in which this code was written.
function daddslashes($string, $force = 0) {
    !defined('MAGIC_QUOTES_GPC') && define('MAGIC_QUOTES_GPC', get_magic_quotes_gpc());
    if(!MAGIC_QUOTES_GPC || $force) {
        if(is_array($string)) {
            foreach($string as $key => $val) {
                $string[$key] = daddslashes($val, $force);
            }
        } else {
            $string = addslashes($string);
        }
    }
    return $string;
}
...
// Register every cookie, POST and GET parameter as a global variable after escaping it
// (the original used the old $_key{0} offset syntax; [0] is the equivalent form).
foreach(array('_COOKIE', '_POST', '_GET') as $_request) {
    foreach($$_request as $_key => $_value) {
        $_key[0] != '_' && $$_key = daddslashes($_value);
    }
}
echo $xigr['hi'];
// echo \
The code above expects $xigr['hi'] to be an element of an array variable that has passed through daddslashes(), but it never checks that $xigr is actually an array. When we submit the string $xigr='ryat, the processing above turns it into \'ryat, and $xigr['hi'] becomes a string offset lookup rather than an array lookup: older PHP versions treat a non-numeric offset as 0 (later versions warn, and PHP 8 throws a TypeError), so the expression yields the first character, \. If that value is placed into an SQL statement, the backslash escapes the quote that follows it and causes a serious security problem. Let's look at the following code snippet:
...
if($xigr) {
    foreach($xigr as $k => $v) {
        $uids[] = $v['uid'];
    }
    $query = $db->query("SELECT uid FROM users WHERE uid IN ('".implode("','", $uids)."')");
}
Submitting foo.php?xigr[]='&xigr[][uid]=evilcode easily breaks through GPC escaping or similar security processing and produces an SQL injection vulnerability: the first element is the string \', whose ['uid'] offset yields \, and that backslash escapes the quote meant to close it in the IN list, so the second element is no longer inside a quoted string. Pay enough attention to this!
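The following is an added example, not code from the original post: a hardened version of the uid-collection step that rejects the type confusion described above and binds values through PDO instead of interpolating them. The function names, the assumption that uids are integers, and the inline request data are all constructed for this example.

```php
<?php
// Added example (not from the original article). Hardened replacement for the
// uid-collection step: type-check the input and bind values instead of
// building the SQL string by hand.

function collect_uids($xigr): array {
    // A string here is the root cause: "\'"['uid'] yields "\" on PHP < 8
    // (warning only) and throws a TypeError on PHP 8+. Reject it outright.
    if (!is_array($xigr)) {
        throw new InvalidArgumentException('xigr must be an array');
    }
    $uids = [];
    foreach ($xigr as $v) {
        if (!is_array($v) || !isset($v['uid'])) {
            throw new InvalidArgumentException('each xigr element must be an array with a uid');
        }
        // Assumption for this example: uids are integers in the schema.
        if (!is_int($v['uid']) && !ctype_digit((string) $v['uid'])) {
            throw new InvalidArgumentException('uid must be numeric');
        }
        $uids[] = (int) $v['uid'];
    }
    return $uids;
}

// $pdo is assumed to be a PDO connection created elsewhere. Placeholders are
// generated per element, so no user data is ever concatenated into the query.
function query_uids(PDO $pdo, array $uids): array {
    if ($uids === []) {
        return [];
    }
    $placeholders = implode(',', array_fill(0, count($uids), '?'));
    $stmt = $pdo->prepare("SELECT uid FROM users WHERE uid IN ($placeholders)");
    $stmt->execute($uids);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed input: what $_GET['xigr'] looks like for the request
// foo.php?xigr[]='&xigr[][uid]=evilcode after daddslashes() has run over it.
$malicious = ["\\'", ['uid' => 'evilcode']];
try {
    collect_uids($malicious);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}

// Well-formed input passes through and is normalised to integers.
var_dump(collect_uids([['uid' => '42'], ['uid' => 7]]));
```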