PHP magic function application details

PHP magic function application details, read PHP magic function application details, PHP provides two magic reference functions for reference data magic_quotes_gpc and magic_quotes_runtime, these two functions in php. when ini is set to ON, it will touch a single quotation mark for the data we reference "> <LINKhref =" http://www.php100.c

PHP provides two magic reference functions for reference data: magic_quotes_gpc and magic_quotes_runtime. when ini is set to ON, single quotation marks and double quotation marks will be applied to the referenced data, and the backslash \ is automatically added to the backslash to help us automatically translate the symbols, make sure that the data operation runs correctly. However, in different php versions or server configurations, some magic_quotes_gpc and magic_quotes_runtime are set to on, while others are off, therefore, the program we write must meet the on and off conditions. So what are the differences between magic_quotes_gpc and magic_quotes_runtime functions? See the following description:

Magic_quotes_gpc

Scope of Application: WEB client server;
Time: request start, for example, when the script is running.

Magic_quotes_runtime

Scope: obtained from the data read from the file, the exec () execution result, or the SQL query;
Time: each time the script accesses the data generated in the running state.

Therefore, the value of magic_quotes_gpc will affect the data obtained through Get/Post/Cookies. The value of magic_quotes_runtime will affect the data read from the file or the data queried from the database.

Example:

<Form action = "" method = "post">
STR: <input type = "text" name = "str">
<Input type = "submit">
</Form>
<? Php
/* Fill in the form with '"\. if magic_quotes_gpc is not enabled, they will not be escaped by backslash */
Echo 'The value passed through POST is: ', $ _ POST ['str'],' <br/> ';

If (get_magic_quotes_gpc () {// check whether magic_quotes_gpc is enabled. if not, use addslashes to escape
$ Str = $ _ POST ['str'];
} Else {
$ Str = addslashes ($ _ POST ['str']);
}

Echo 'escaped here: ', $ str,' $ SQL = "INSERT INTO lastnames (lastname) VALUES ('$ str ')";

// ================================================ ========================================================== ========
// ----- Magic_quotes_gpc only escapes the data obtained by www.devdao.com through Get/Post/Cookies.
// ----- Magic_quotes_runtime will escape: The data read from the file, the result of executing exec (), or obtained from SQL query
// ================================================ ========================================================== ========
$ Data = implode (file ('Try. php'); // we still write the characters '"\ to test
Echo 'here is the data of try. php ,';
If (get_magic_quotes_runtime ()){
$ Data = $ data;
Echo 'escaped by the system '. $ data;
} Else {
Echo '. $ data = addslashes ($ data) escaped by addslashes );
}

$ SQL = "INSERT INTO lastnames (lastname) VALUES ('$ data ')";
Echo '<br/> SQL statement: <br/>', $ SQL;
// --- The warehouse receiving is escaped, but the backslash is unnecessary. use stripslashes () to remove the backslash when reading the original data.
// --- Stripslashes () and addslashes () have the opposite effect
?> The most important difference is the two points mentioned above: the value of magic_quotes_gpc for different processing objects will affect the value of magic_quotes_runtime for data obtained through Get/Post/Cookies. it will affect the data read from the file or obtained from the database query. here are a few functions to be associated: set_magic_quotes_runtime (): set the value of magic_quotes_runtime. 0 = disabled. 1 = open. the default status is disabled. you can use echo phpinfo (); to view magic_quotes_runtimeget_magic_quotes_gpc (): To view the value of magic_quotes_gpc. 0 = disabled. 1 = open. get_magic_quotes_runtime (): view the value of magic_quotes_runtime. 0 = Close. 1 = open. Note that the value of magic_quotes_gpc () cannot be set in the program.