PHP Magic Quotes Summary

Source: Internet
Author: User
Tags php script

In a project, if the magic quotes are open, all backslashes (\), single quotes ('), double quotes ("), and NULL characters are automatically escaped with a backslash, which is exactly the same as the addslashes () function. Here are four related functions: Set_magic_quotes_runtime, MAGIC_QUOTES_GPC, Addslashes, stripslashes.

Set_magic_quotes_runtime (), sets the active status of the current magic_quotes_runtime configuration option, 0 is off, and 1 is on. What do you mean. This is understood as set_magic_quotes_runtime (1) or in the configuration file Magic_quotes_ Runtime is true (this is configured in php.ini), then the PHP script reads the file or reads the data from the database, encounters a backslash (\), single quotes ('), double quotes ("), and NULL, and automatically adds an escape character to the front, which becomes \ \ \ \ \ \", \null If it is closed, that is, set_magic_quotes_runtime (0) Magic_quotes_runtime is false, then it is escaped and can be escaped with the help of addslashes.

MAGIC_QUOTES_GPC (), when this value is 1 o'clock, escapes the G ($_get), P ($_post), C ($_cookie) single double quotes and backslashes in the HTTP request, and vice versa. This operation is generally seen in the form submitted by the database operation, if the value of 0 o'clock, then use addslashes to escape into the database, and then use the Stripslashes function to remove the backslash.

The special note is that in the PHP 5.4 version, the magic quotes are removed, so the escape requires the addition of the Addslashes function.

$_get[' des '] = "She ' s a beauty";
foreach (Array (' _get ', ' _post ', ' _cookie ') as $_request) {
    echo $_request;//_get_post _cookie
    foreach ($$_ Request as $_key=> $_value) {
        //$_key as key, such as _get,$$_key $_get
        //$$_key=$_value means $_get[' des ' = 1111 $des =she\ ' s a beauty
        $_key{0}!= ' _ ' && $$_key=addslashes ($_value);
        echo $$_key;

Look at the code above to understand no, this is the night to pick on the introduction of Discuz in the source code analysis of the book, $$_key whether a bit around, it should not be, is variable multiple references, you can look at my PHP variables of several writing blog, the above code is to filter malicious forged GPC Request predefined variable behavior.
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.