Description of the get_magic_quotes_gpc () function in php, getmagicquotesgpc

Description of the get_magic_quotes_gpc () function in php, getmagicquotesgpc

The get_magic_quotes_gpc function is used to determine whether to add a slash to the data provided by the user. This is in the php. ini configuration file. Next I will introduce the get_magic_quotes_gpc () function description.

Get_magic_quotes_gpc function Introduction

Obtain the value of the PHP environment variable magic_quotes_gpc, which is a function of the PHP system.

Syntax: long get_magic_quotes_gpc (void );

Return Value: Long Integer

This function gets the magic_quotes_gpc (GPC, Get/Post/Cookie) value of the variable configured in the PHP environment. If 0 is returned, this function is disabled. If 1 is returned, this function is enabled.

When magic_quotes_gpc is enabled, all '(single quotation marks),' (double quotation marks), (backslash) and null characters are automatically converted to overflow characters containing the backslash.

Magic_quotes_gpc: determines whether to automatically add the backslash (') to the data transmitted by GPC (get, post, cookie. You can use get_magic_quotes_gpc () to detect system settings.

If this setting is not enabled, you can use the addslashes () function to add a backslash before certain characters for database query statements.

These characters are single quotation marks ('), double quotation marks ("), backslash (), and NUL (NULL ).

By default, the PHP Command magic_quotes_gpc is on, which automatically runs addslashes () on all GET, POST, and COOKIE data ().

Do not use addslashes () for strings that have been escaped by magic_quotes_gpc, because this causes double-layer escape. In this case, you can use the get_magic_quotes_gpc () function for detection.

Example

Use get_magic_quotes_gpc () to prevent database attacks

The Code is as follows:

<? Phpfunction check_input ($ value) {// remove the slash if (get_magic_quotes_gpc () {$ value = stripslashes ($ value);} // enclose the quotation mark if (! Is_numeric ($ value) {$ value = "'". mysql_real_escape_string ($ value ). "'";} return $ value;} $ con = mysql_connect ("localhost", "hello", "321"); if (! $ Con) {die ('could not connect :'. mysql_error ();} // perform security SQL $ user = check_input ($ _ POST ['user']); $ pwd = check_input ($ _ POST ['pwd']); $ SQL = "SELECT * FROM users WHEREuser = $ user AND password = $ pwd"; mysql_query ($ SQL ); mysql_close ($ con);?>

Summary:

1. For magic_quotes_gpc = on,

We may not use the string data of the input or output database

The operation of addslashes () and stripslashes () will also display the data normally.

If you perform addslashes () processing on the input data,

In this case, you must use stripslashes () to remove unnecessary backslash.

2. magic_quotes_gpc = off

You must use addslashes () to process the input data, but you do not need to use stripslashes () to format the output.

Because addslashes () does not write the backslash together into the database, it only helps mysql to complete SQL statement execution.

The above is all the content of this article. I hope this article will help you in your study or work. I also hope to provide more support to the customer's home!