Deep Dive into PHP magic quotes _php Tutorials

Source: Internet
Author: User
Special view of the next manual, about PHP magic quotes, a few common settings are as follows, Magic_quotes_gpc,magic_quotes_sybase,magic_quote_runtime, These functions are configured in php.ini, and it can be seen from the manual that these features have been abolished since php5.3, so it is strongly not to use them and to close them in php.ini.

The function of these functions is to escape the data. When it comes to preventing SQL injection, many people write:
Copy the Code code as follows:
if (!GET_MAGIC_QUOTES_GPC ()) {
$post =addslashes ($post);
}

If you turn them on, you'll automatically escape the single quotation mark ('), double quotation mark ("), backslash (\), and NUL (null character), which is actually the equivalent of calling the Addslashes function. You might say it's not good, it's more secure, but do you consider code portability? Also, is it necessary for you to escape all of the GPC ($_get,$_post,$_cookie) data? How much is the overhead? The following PHP point-and-click (phpddt.com) explains the magic quotes in the manual:

1.magic_quotes_gpc

MAGIC_QUOTES_GPC This is the Magic reference state used to set the GPC ($_get, $_post, $_cookie) (PHP4 is also included in $_env). When turned on, all single quotes (single-quote), double quotes (doubles quote), backslashes (backslash) and Nul ' s are automatically escaped by backslashes. When Magic_quote_sybase is on, only single quotation marks (Singgle-quote) are escaped with the quotation marks ", double quotes, backslashes (backslash), and Nul ' s are unaffected and are not escaped.

2.magic_quote_runtime

Magic_quote_runtime If this option is turned on, many functions that return external data (database, text) will be escaped by a backslash (backslash). If Magic_quote_sybase is also turned on, only single quotation marks (Single-quote) are escaped by quotation marks.

3.magic_quotes_sybase

Magic_quotes_sybase If this option is set to ON, the single quote ' will be quoted ' instead of being backslash \ Escaped when Magic_quotes_gpc,magic_quotes_runtime is turned on. At the same time, this setting completely overrides the MAGIC_QUOTES_GPC setting, even if MAGIC_QUOTES_GPC is set to ON, the double quotes ", the backslash \ and nul ' s are not escaped.

http://www.bkjia.com/PHPjc/327609.html www.bkjia.com true http://www.bkjia.com/PHPjc/327609.html techarticle Special view of the next manual, about PHP magic quotes, a few common settings are as follows, Magic_quotes_gpc,magic_quotes_sybase,magic_quote_runtime, These functions are to be configured in PHP.ini ...

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.