When processing mysql, GET, and POST data, you often need to escape the data quotation marks. PHP has three settings for automatic (single quotation marks), (double quotation marks), (backslash) and NULL character rotation. PHP calls it magic quotes. These three settings are magic_quotes_gpc, which affect HTTP request data (GET, POST, and COO
When processing mysql, GET, and POST data, you often need to escape the data quotation marks. PHP has three settings for automatic (single quotation marks), (double quotation marks), \ (backslash) and NULL character rotation. PHP calls it magic quotes. These three settings are magic_quotes_gpc, which affect HTTP request data (GET, POST, and COO
When processing mysql, GET, and POST data, you often need to escape the data quotation marks.
PHP has three settings to enable automatic redirection of '(single quotation marks),' (double quotation marks), \ (backslash), and NULL characters.
PHP calls it magic quotes. These three settings are
Magic_quotes_gpc
Affects HTTP request data (GET, POST, and COOKIE ). It cannot be changed at runtime. In PHP, the default value is on.
When this function is enabled, the data transmitted through GET, POST, and COOKIE is automatically escaped.
Such as test. php? Id = abc 'de "f
Echo $ _ GET ['id']; # abc \ 'de \ "f
Magic_quotes_gpc = On; this is enabled and has no impact On writing data to the database. For example, if $ _ GET ['id'] above is written to the database, it is still abc 'de "f,
On the contrary, if magic_quotes_gpc = Off; then the characters must be enclosed by quotation marks (no matter single or double quotation marks). writing directly to mysql will directly become blank.
However, if you write it into the document, instead of mysql. Then it will be abc \ 'de \ "f
Magic_quotes_runtime
If it is enabled, most of the functions that retrieve data from external sources and return data, including the database and text files, will be escaped by the backslash. This option can be changed at runtime. The default value in PHP is off.
Magic_quotes_sybase
If it is enabled, single quotes are used to escape single quotes rather than backslash. This option will completely overwrite magic_quotes_gpc. If two options are enabled at the same time, the single quotation marks will be converted ". Double quotation marks, backslash, and NULL characters are not escaped.
The content of my form is:
Countermeasure 1: Modify the php. ini file (modify the php. ini method and You can google it)
Countermeasure 2: cancel the escape
Step 1: Find the data you submitted, such as $ _ POST ['content'], and change it to $ content = stripslashes ($ _ POST ['content']);
Step 2: replace $ content with $ content when using $ POST ['content '].
Step 3: submit it to the database, and the database is still in normal storage: Read it and it becomes
(Do you know how to solve this problem? Why don't I try again)
Step 4: filter the content read by the database using stripslashes.
The stripslashes () function deletes the backslash added by the addslashes () function. Used to clear data retrieved from a database or HTML form
(
If you do not want the following on the PHP page:
Single quotes are escaped \'
Double quotation marks are escaped \"
You can perform the following settings to prevent:
Set magic_quotes_gpc = Off in php. ini)
Summary:
1. For magic_quotes_gpc = on,
We may not use the string data of the input or output database
The operation of addslashes () and stripslashes () will also display the data normally.
If you perform addslashes () processing on the input data,
In this case, you must use stripslashes () to remove unnecessary backslash.
2. magic_quotes_gpc = off
You must use addslashes () to process the input data, but you do not need to use stripslashes () to format the output.
Because addslashes () does not write the backslash together into the database, it only helps mysql to complete SQL statement execution.