PHP form submission After quotation mark the reason for automatically adding backslashes and three ways to turn off PHP Magic quotes _php Instance

Recently found to do a PHP program form data submission to the content of the database, as long as the content with single or double quotes, a backslash will be added later. And every time you save a backslash, it's depressing.

So from the Internet to search the original PHP program in order to prevent injection or overflow, through the PHP directive MAGIC_QUOTES_GPC automatically in double quotes, single quotes, backslashes, null front to add a backslash.

The default PHP directive MAGIC_QUOTES_GPC is on, which is open. You can then use the stripslashes () function to remove the automatically added backslash. Usage is: For example, the variable containing the string is $STR, then use the stripslashes () function to handle this string: Stripslashes ($STR), the output is the result of removing the backslash.

So I took the read string content with the Stripslashes () function, that is, $value=stripslashes ($STR), and then save.

But there is another problem, that is, because the local PHP directive MAGIC_QUOTES_GPC is off, if you use this function, it will be the normal back slash also removed. This is not what we hope for.

The solution is to use the function GET_MAGIC_QUOTES_GPC () for detection, if the state is open, then remove the backslash, if the state is closed, do not remove the backslash.

The program code is as follows:

$str =$_post["str"];//read the content assignment of STR to $STR variable
if (GET_MAGIC_QUOTES_GPC ())//If GET_MAGIC_QUOTES_GPC () is an open
{$str = Stripslashes ($STR);//String to be processed
}

Here are three ways to solve this problem:

Method 1: Modify the PHP configuration file php.ini

This method is only suitable for the right to manage the server, if the use of virtual space, it can only use the latter two methods.

MAGIC_QUOTES_GPC, Magic_quotes_runtime, magic_quotes_sybase are all set to off in the PHP configuration file php.ini. As shown below:

MAGIC_QUOTES_GPC = Off

Magic_quotes_runtime = Off

Magic_quotes_sybase = Off

Method 2: Use the. htaccess file

This method is only supported by the server in the case of htaccess, now the server will generally support

Add the following sentence in the program directory. htaccess file:

Copy Code code as follows:

Php_flag MAGIC_QUOTES_GPC off

Method 3: Masking in code

This method is the most portable, regardless of server configuration, as long as the support of PHP can be used.

Add the following code at the beginning of all PHP files

if (GET_MAGIC_QUOTES_GPC ()) {
   function stripslashes_deep ($value) {
     $value =is_array ($value)? Array_map (' Stripslashes_deep ', $value): Stripslashes ($value);
     return $value;
   }
   $_post=array_map (' Stripslashes_deep ', $_post);
   $_get=array_map (' Stripslashes_deep ', $_get);
   $_cookie=array_map (' Stripslashes_deep ', $_cookie);
   $_request=array_map (' Stripslashes_deep ', $_request);
 }

The above introduction is this article to introduce to you the PHP form before quotation marks automatically add back to the reasons and three ways to close the PHP magic quotes, I hope you like.