In-depth PHP Magic quotes detailed _php Tips

Specifically looked at the next manual, about PHP magic quotes, a few common settings are as follows, Magic_quotes_gpc,magic_quotes_sybase,magic_quote_runtime, These functions are configured in PHP.ini, as can be seen from the manual, which has been abolished since php5.3, so it is strongly not used and closed in php.ini.

The function of these functions is to escape the data. When you prevent SQL injection, many people will write this:

Copy Code code as follows:

if (!GET_MAGIC_QUOTES_GPC ()) {
$post =addslashes ($post);
}

If they are turned on, they automatically give you the escape of single quotes ('), double quotes ("), backslashes (\) and NUL (null characters), which in fact are equivalent to calling the Addslashes function. You might say that's not very good, security is higher, but do you consider code portability? In addition, is it necessary for you to escape all the data on the GPC ($_get,$_post,$_cookie)? How much is the cost? The following PHP Point Pass (phpddt.com) on the manual on the Magic quotes detailed Description:

1.MAGIC_QUOTES_GPC

MAGIC_QUOTES_GPC This is used to set the Magic reference State of the GPC ($_get, $_post, $_cookie) (also included in PHP4). When turned on, all single quotes (single-quote), double quotes (double quote), backslash (backslash) and Nul ' s are automatically escaped by backslashes. When Magic_quote_sybase is on, only single quotes (singgle-quote) are enclosed in quotation marks to ", and double quotes, backslashes (backslash), and Nul ' s are not affected and are not escaped.

2.magic_quote_runtime

Magic_quote_runtime If this option is turned on, many functions that return external data (database, text) will be escaped by backslashes (backslash). If Magic_quote_sybase is also turned on, only single quotes (single-quote) are escaped with quotation marks.

3.magic_quotes_sybase

Magic_quotes_sybase If this option is set to open, the single quotes ' will be quoted ' in the case of Magic_quotes_gpc,magic_quotes_runtime open instead of being backslash \ escaped. At the same time, this setting completely overrides the MAGIC_QUOTES_GPC setting, even if MAGIC_QUOTES_GPC is set to ON, double quotes ", backslashes \ and nul ' s will not be escaped.