PHP Magic Quotes Summary

In a project, if the magic quotes are open, all backslashes (\), single quotes ('), double quotes ("), and NULL characters are automatically escaped with a backslash, which is exactly the same as the addslashes () function. Here are four related functions: Set_magic_quotes_runtime, MAGIC_QUOTES_GPC, Addslashes, stripslashes.

Set_magic_quotes_runtime (), sets the active status of the current magic_quotes_runtime configuration option, 0 is off, and 1 is on. What do you mean. This is understood as set_magic_quotes_runtime (1) or in the configuration file Magic_quotes_ Runtime is true (this is configured in php.ini), then the PHP script reads the file or reads the data from the database, encounters a backslash (\), single quotes ('), double quotes ("), and NULL, and automatically adds an escape character to the front, which becomes \ \ \ \ \ \", \null If it is closed, that is, set_magic_quotes_runtime (0) Magic_quotes_runtime is false, then it is escaped and can be escaped with the help of addslashes.

MAGIC_QUOTES_GPC (), when this value is 1 o'clock, escapes the G ($_get), P ($_post), C ($_cookie) single double quotes and backslashes in the HTTP request, and vice versa. This operation is generally seen in the form submitted by the database operation, if the value of 0 o'clock, then use addslashes to escape into the database, and then use the Stripslashes function to remove the backslash.

The special note is that in the PHP 5.4 version, the magic quotes are removed, so the escape requires the addition of the Addslashes function.

$_get[' des '] = "She ' s a beauty";
foreach (Array (' _get ', ' _post ', ' _cookie ') as $_request) {
    echo $_request;//_get_post _cookie
    foreach ($$_ Request as $_key=> $_value) {
        //$_key as key, such as _get,$$_key $_get
        //$$_key=$_value means $_get[' des ' = 1111 $des =she\ ' s a beauty
        $_key{0}!= ' _ ' && $$_key=addslashes ($_value);
        echo $$_key;
    }
}

Look at the code above to understand no, this is the night to pick on the introduction of Discuz in the source code analysis of the book, $$_key whether a bit around, it should not be, is variable multiple references, you can look at my PHP variables of several writing blog, the above code is to filter malicious forged GPC Request predefined variable behavior.