By default, the PHP instruction MAGIC_QUOTES_GPC is on, and it automatically runs Addslashes () for all get, POST, and COOKIE data. Do not use Addslashes () on strings that have been escaped by MAGIC_QUOTES_GPC, because this can result in a double escape. You can use the function GET_MAGIC_QUOTES_GPC () for instrumentation when this situation is encountered.
Example
1. Addslashes () example
The code is as follows |
Copy Code |
? $str = "Is your name o& #39; Reilly?"; Output: Is your name O ' & #39 Reilly? echo addslashes ($STR); ?> |
return value
Returns 0 when the MAGIC_QUOTES_GPC is closed, or 1. will use return FALSE in PHP 5.4.O
Cases
code is as follows |
copy code |
<?php //If magic quotes are enabled Echo $_post[' LastName ']; //O ' Reilly Echo addslashes ($_post[' LastName ']);//O\ ' Reilly //applicable to the use of each PHP version if (get_magic_quotes _GPC ()) { $lastname = stripslashes ($_post[' LastName '); } Else { $lastname = $_post[' LastName ']; } //If using MySQL $lastname = mysql_real_escape_string ($lastname); Echo $lastname;//O ' reilly $sql = INSERT into Lastnames (lastname) VALUES (' $lastname '); ? |
Php.ini:get_magic_quotes_gpc
In the PHP configuration file, there is a Boolean setting that is Magic_quotes_runtime, and when it opens,
Most of PHP's functions automatically add overflow characters from externally introduced (including database or file) data to the inverse
Slash. Of course, if you repeat the overflow character alphanumeric backslash, then there will be multiple backslashes in the string, so
Use Set_magic_quotes_runtime () and Get_magic_quotes_runtime () to set up and detect php.ini
Magic_quotes_runtime state in the file. To make your program work regardless of the server settings
Perform. You can use Get_magic_quotes_runtime to detect the state of the setting at the beginning of the program to decide whether to manually process
, or turn off the setting with Set_magic_quotes_runtime (0) at the beginning (or when no automatic escape is required).
MAGIC_QUOTES_GPC settings automatically "" \ Plus backslashes for the data from the GPC (Get,post,cookie)
Line. You can use GET_MAGIC_QUOTES_GPC () to detect system settings. If this setting is not turned on, you can use the
Addslashes () function is added, its function is to the database query statements such as the need for some characters before adding an anti
Slash. These characters are single quotes ('), double quotes ("), backslashes (\) and NUL (NULL characters).