- If (phpversion () <'5. 3.0 '){
- Set_magic_quotes_runtime (0 );
- }
> The magic_quotes_gpc cannot be defined through functions. Therefore, we recommend that you enable it on the server. when writing a program, you should judge it, avoid security problems caused by failing to enable gpc. when using addslashes to escape gpc, you should be aware of filtering key values and values when users submit array data.
If (! Get_magic_quotes_gpc ()){
- $ _ Get = daddslashes ($ _ get );
- $ _ Post = daddslashes ($ _ post );
- $ _ Cookie = daddslashes ($ _ cookie );
- $ _ Files = daddslashes ($ _ files );
- }
- Function daddslashes ($ string, $ force = 1 ){
- If (is_array ($ string )){
- Foreach ($ string as $ key => $ val ){
- Unset ($ string [$ key]);
- $ String [addslashes ($ key)] = daddslashes ($ val, $ force );
- }
- } Else {
- $ String = addslashes ($ string );
- }
- Return $ string;
- }
?>
Escape html entities when users input or output to prevent xss vulnerability! Today, I encountered a special character processing problem. I noticed this problem again in php:
- $ Str = "ffff \ 0 ffff ";
- Echo (strlen ($ str ));
- Echo ("\ n ");
- For ($ I = 0; $ I Echo ("\ n ");
Output result: ---------------------- 9 102 102 102 102 0 102 102 102 Example of replacing special characters
- $ Str = "ffff \ 0 ffff ";
- $ Str = str_replace ("\ x0", "", $ str );
- // Or use $ str = str_replace ("\ 0", "", $ str );
- // Or use $ str = str_replace (chr (0), "", $ str );
- Echo (strlen ($ str ));
- Echo ("\ n ");
- For ($ I = 0; $ I Echo ("\ n ");
-
Output result: ---------------------- 8 102 102 102 102 102 102 102 Octal ascii code example:
- // Note that the string that matches the regular \ [0-7] {} represents an octal ascii code.
- $ Str = "\ 0 \ 01 \ 02 \ 3 \ 7 \ 10 \ 011 \ 08 \ 8"; // The \ 8 here does not meet the requirements, corrected to "\ 8" (ascii: 92 and 56)
- Echo (strlen ($ str ));
- Echo ("\ n ");
- For ($ I = 0; $ I Echo ("\ n ");
-
Output result: ---------------------- 11 0 1 2 3 7 8 9 0 56 92 56 Hexadecimal ascii code example:
- $ Str = "\ x0 \ x1 \ x2 \ x3 \ x7 \ x8 \ x9 \ x10 \ x11 \ xff ";
- Echo (strlen ($ str ));
- Echo ("\ n ");
- For ($ I = 0; $ I Echo ("\ n ");
-
Output result: ---------------------- 10 0 1 2 3 7 8 9 16 17 255 php special character escape explanation php regular expression escape character example PHP common escape character function PHP escape regular expression character function php implement anti-injection code used to escape form submission values mysql statement character escape method example php character escape precautions |