PHP Magic Quotes

Source: Internet
Author: User

1. What is the function of magic quotes?


The Magic quote design was designed to escape from a database or file and receive parameters from a request, with single quotes, double quotes, backslashes, and null plus a backslash, which works exactly like Addslashes ().

2. What is the function of escaping?


Correctly receive and read data to execute SQL statements correctly. For example, from the foreground to receive a parameter, assuming that the $para, the background to execute a query after the SQL statement, splicing SQL statements, the parameters are passed into, similar to




If the argument contains double quotes such as "value, then the SQL statement becomes




Originally executed the above Red statement, the result becomes the following red statement, is not what we want, need to let the system can recognize the real SQL statement start character and Terminator, this need to escape, escaped to become




To actually execute the SQL statement as above, reach the desired query table, FIELD1 the field to "Value and field FIELD2 for XXX data."

3. Why did the Magic quote feature be removed after PHP5.4.0?


(1) portability

When programmed, it is considered that its opening or closing will affect portability. You can use GET_MAGIC_QUOTES_GPC () to check if it is open and program it accordingly.

(2) performance

Since not every part of the escaped data is inserted into the database, if all the data into PHP is escaped, then the execution efficiency of the program will have some impact. Calling an escape function (such as addslashes ()) at run time is more efficient. Although Php.ini-dist opens this option by default, php.ini-recommended turns it off by default, primarily for performance reasons.

(3) convenient

because not all data needs to be escaped, it is annoying to see escaped data where it is not necessary to escape. For example, sending a message through a form results in a lot of '. For this problem, you can use the stripslashes () function to handle it.

4, php.ini related configuration


Magic Quotes configuration Options


Run-time change

default values in PHP


If opened, it affects HTTP request data (GET,POST , and COOKIE).




< P align= "Center" if open, most of the functions that get data from external sources and return the data, including from the database and text files, are escaped by backslashes. (If MAGIC_QUOTES_GPC = on




" (double quotes), (backslash) and null characters are escaped by automatically adding a backslash. This is exactly the same as addslashes ()

MAGIC_QUOTES_GPC null characters will not be escaped.





Set_magic_quotes_runtime (), set the currentMagic_quotes_runtimethe activation state of the configuration option,0to close,1to open. What do you mean? This understanding, asset_magic_quotes_runtime (1)or in the configuration fileMagic_quotes_runtimeto betrue(This inphp.iniconfiguration), thenPHPThe script reads the file or reads the data from the database and encounters a backslash (\), single quotation marks ('), double quotation marks ("),NULL, the escape character is automatically added to the front and becomes\\,\ ',\",\nullor, if closed,set_magic_quotes_runtime (0) Magic_quotes_runtimeto befalse, then it escapes, and you can now useaddslashesto escape.

MAGIC_QUOTES_GPC (), when this value is1, you willHTTPin the requestG($_get),P($_post),C($_cookiesingle and double quotes and backslashes are escaped, and vice versa. This operation is generally seen in the form submission database operation, if the value is0, you can useaddslashesto be escaped into the database, and then used when removedstripslashesfunction to remove the backslash.

PS. in PHP version 5.4 , magic quotes are removed, so escaping requires the addition of the addslashes function.


PHP Magic Quotes

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.