PHP to the MySQL database to insert data to escape including two aspects, the first need to add data through data escaping to write the data into the storage, the second in the data displayed on the page need to restore the data to the original state, that is, inversion of righteousness.
First, data escaping
Mysql_escape_string ($content)
Ii. reversal of the meaning
Stripslashes ($content)
The above two lines of code can be implemented PHP to the MySQL database insert data escape operation.
GET_MAGIC_QUOTES_GPC ()
In PHP, the GET_MAGIC_QUOTES_GPC () function is a built-in function that is the function of getting the value of the MAGIC_QUOTES_GPC option in the php.ini setting.
So let's talk about the MAGIC_QUOTES_GPC option:
If the magic_quotes_gpc=on,php parser automatically adds the escape character "\" to the data coming from post, get, and cookie to ensure that the data does not cause a program, especially if the database statement causes a fatal error due to the special character's contamination.
In the case of Magic_quotes_gpc=on, if the data entered has
Characters such as single quotes ('), double quotes ("), backslashes (\), and NUL (NULL characters) are all prefixed with backslashes. These escapes are required, and if this option is off, then we must call the Addslashes function to increase the escape for the string.
It is because this option must be on, but let the user to configure the contradictions, in the PHP6 removed this option, all programming needs to be done under Magic_quotes_gpc=off. In such an environment, if the user's data is not escaped, the consequences are not just procedural errors. The same risks causing the database to be injected into the attack. So from now on, everyone should stop relying on this to be on, lest one day your server needs to be updated to PHP6 and your program will not work properly.
When Magic_quotes_gpc=on, the function GET_MAGIC_QUOTES_GPC () returns 1
When Magic_quotes_gpc=off, the function get_magic_quotes_gpc () returns 0
So it can be seen that the function of the GET_MAGIC_QUOTES_GPC () is to get the value of the environment variable MAGIC_QUOTES_GPC. Now that the MAGIC_QUOTES_GPC option is removed from the PHP6, the function in PHP6, I think, is gone.
Addslashes ()
The Addslashes () function adds a backslash before the specified predefined character.
The predefined characters are:
* Single quotation mark (')
* Double quotes (")
* back slash (\)
* NULL
Grammar
Addslashes (String)
Stripslashes ()
Remove the backslash character.
Syntax: string stripslashes (String str);
return value: String
Function type: Data processing
This function removes the backslash characters from the string. If you have two consecutive backslashes, remove one and leave one. If there is only one backslash, remove it directly.
If you don't know if there is a setup you can do this:
function Stringfilter ($str) {
if (!empty ($STR)) {
if (ini_set (' MAGIC_QUOTES_GPC ')) {return
$str;
} else{return
addslashes ($STR);
}
else{return
false;
}
