Deep Dive into PHP magic quotes _php Tutorials

Special view of the next manual, about PHP magic quotes, a few common settings are as follows, Magic_quotes_gpc,magic_quotes_sybase,magic_quote_runtime, These functions are configured in php.ini, and it can be seen from the manual that these features have been abolished since php5.3, so it is strongly not to use them and to close them in php.ini.

The function of these functions is to escape the data. When it comes to preventing SQL injection, many people write:
Copy the Code code as follows:
if (!GET_MAGIC_QUOTES_GPC ()) {
$post =addslashes ($post);
}

If you turn them on, you'll automatically escape the single quotation mark ('), double quotation mark ("), backslash (\), and NUL (null character), which is actually the equivalent of calling the Addslashes function. You might say it's not good, it's more secure, but do you consider code portability? Also, is it necessary for you to escape all of the GPC ($_get,$_post,$_cookie) data? How much is the overhead? The following PHP point-and-click (phpddt.com) explains the magic quotes in the manual:

1.magic_quotes_gpc

MAGIC_QUOTES_GPC This is the Magic reference state used to set the GPC ($_get, $_post, $_cookie) (PHP4 is also included in $_env). When turned on, all single quotes (single-quote), double quotes (doubles quote), backslashes (backslash) and Nul ' s are automatically escaped by backslashes. When Magic_quote_sybase is on, only single quotation marks (Singgle-quote) are escaped with the quotation marks ", double quotes, backslashes (backslash), and Nul ' s are unaffected and are not escaped.

2.magic_quote_runtime

Magic_quote_runtime If this option is turned on, many functions that return external data (database, text) will be escaped by a backslash (backslash). If Magic_quote_sybase is also turned on, only single quotation marks (Single-quote) are escaped by quotation marks.

3.magic_quotes_sybase

Magic_quotes_sybase If this option is set to ON, the single quote ' will be quoted ' instead of being backslash \ Escaped when Magic_quotes_gpc,magic_quotes_runtime is turned on. At the same time, this setting completely overrides the MAGIC_QUOTES_GPC setting, even if MAGIC_QUOTES_GPC is set to ON, the double quotes ", the backslash \ and nul ' s are not escaped.

http://www.bkjia.com/PHPjc/327609.html www.bkjia.com true http://www.bkjia.com/PHPjc/327609.html techarticle Special view of the next manual, about PHP magic quotes, a few common settings are as follows, Magic_quotes_gpc,magic_quotes_sybase,magic_quote_runtime, These functions are to be configured in PHP.ini ...

