PHP magic quotes in detail

Source: Internet
Author: User
Tags: SQL injection

I went through the manual on PHP magic quotes. The common settings are magic_quotes_gpc, magic_quotes_sybase and magic_quotes_runtime. They are configured in php.ini. As the manual shows, they have been deprecated since PHP 5.3, so it is strongly recommended not to use them and to turn them off in php.ini.

The purpose of these settings is to escape data. To prevent SQL injection, many people write this:

// Escape the input manually only when magic_quotes_gpc has not already done so
if (!get_magic_quotes_gpc()) {
    $post = addslashes($post);
}

If they are turned on, single quotes ('), double quotes ("), backslashes (\) and NUL (null characters) are escaped for you automatically, which is in fact equivalent to calling the addslashes function. You might say that this is a good thing and that security is higher, but have you considered code portability? Also, is it really necessary to escape all GPC data ($_GET, $_POST, $_COOKIE)? How much does that cost? Below, PHP Point Pass (phpddt.com) goes through the manual's description of magic quotes in detail:

1. magic_quotes_gpc

magic_quotes_gpc sets the magic quotes state for GPC ($_GET, $_POST, $_COOKIE) data (this also applies in PHP 4). When it is on, all single quotes, double quotes, backslashes and NULs are automatically escaped with a backslash. When magic_quotes_sybase is also on, only single quotes are escaped, each with another single quote (''), while double quotes, backslashes and NULs are not affected and are not escaped.

2. magic_quotes_runtime

If this option is on, many functions that return data from external sources (databases, text files) will have that data escaped with backslashes. If magic_quotes_sybase is also on, only single quotes are escaped, with a single quote rather than a backslash.

3. magic_quotes_sybase

If this option is on, a single quote is escaped with another single quote ('') instead of a backslash (\) wherever magic_quotes_gpc or magic_quotes_runtime is on. This setting also completely overrides magic_quotes_gpc: even if magic_quotes_gpc is set to on, double quotes ("), backslashes (\) and NULs will not be escaped.
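The escaping rules described above can be compared side by side on a single input. This is an added example, not code from the original page: the helper names, sample string and table are constructed, the settings are emulated with ordinary functions because they no longer exist in current PHP, and the last part goes beyond the page by binding the value through a PDO prepared statement (assumes the pdo_sqlite extension is loaded).

```php
<?php
// Added example; helper names are hypothetical and not part of PHP.

// magic_quotes_gpc = On, magic_quotes_sybase = Off: same result as addslashes().
function emulate_gpc(string $s): string
{
    return addslashes($s); // backslash-escapes ' " \ and NUL
}

// magic_quotes_sybase = On: only ' is escaped, by doubling it.
function emulate_sybase(string $s): string
{
    return str_replace("'", "''", $s);
}

// Constructed sample input containing all four affected characters.
$raw = "O'Reilly said \"C:\\tmp\"\0";

$gpc    = emulate_gpc($raw);
$sybase = emulate_sybase($raw);
// Portability problem: code that always calls addslashes() escapes the
// already-escaped value a second time on a server where magic_quotes_gpc is on.
$double = addslashes($gpc);

$rows = ['raw' => $raw, 'gpc' => $gpc, 'sybase' => $sybase, 'double' => $double];
foreach ($rows as $label => $value) {
    // Make any raw NUL byte visible in the terminal output.
    printf("%-7s %s\n", $label, str_replace("\0", '<NUL>', $value));
}

// Setting-independent alternative: pass the raw value as a bound parameter.
// Table and column names are made up for this example.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authors (name TEXT)');
$stmt = $db->prepare('INSERT INTO authors (name) VALUES (:name)');
$stmt->execute([':name' => "O'Reilly"]);

// Compare what the database stored with the original, unescaped input.
$stored = $db->query('SELECT name FROM authors')->fetchColumn();
var_dump($stored === "O'Reilly");
```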
