PHP magic_quotes_gpc_php Tutorials

If you do a addslashes () processing of the input data at this point, you must use Stripslashes () to remove the extra backslash when you output it. 2. For PHP Magic_quotes_gpc=off, the input data must be processed using addslashes (), but you do not need to format the output with Stripslashes (), because addslashes () does not write the backslash to the database , just to help MySQL complete the execution of the SQL statement. Add: PHP MAGIC_QUOTES_GPC scope is: Web client server; Action time: When the request starts, for example when the script is running. Magic_quotes_runtime scope: Data read from a file or executed by exec () or from a SQL query; time: Every time a script accesses a running state, the data example: 1. Condition: PHP magic_quotes_gpc= Off the string written to the database has not been processed by any filtering. The string read from the database has not been processed. Data: $data = "Snow", "Sun"; (There are four consecutive single quotes between snow and sun). Operation: Writes the string: "Snow", "Sun" to the database, the result: SQL statement error, MySQL can not successfully complete the SQL statement, write to the database failed. Database save format: no data. Output data format: no data. Description: An unhandled single quotation mark causes an error in the SQL statement when it is written to the database. 2. Condition: PHP magic_quotes_gpc=off data: $data = "Snow" "Sun"; (There are four consecutive single quotes between snow and sun). Operation: Writes the string: "Snow" "Sun" to the database, the result: SQL statement successfully executed, the data written to the database Database save format: Snow "' Sun (as input) output data format: Snow" " Sun (same as input) Description: the Addslashes () function converts the single quotation mark to \ ' escape character so that the SQL statement executes successfully, but \ ' is not stored as data in the database, the database is saved by snow "' sun instead of what we imagined snow\ ' \ ' \ ' Sun3. Condition: PHP Magic_quotes_gpc=on writes the database string without any processing. The string read from the database has not been processed. Data: $data = "Snow", "Sun"; (There are four consecutive single quotes between snow and sun). Operation: Writes the string: "Snow", "Sun" to the database, the result: SQL statement executes successfully, data is written to database Database save format: Snow "' Sun (as input) output data format: Snow" ' Sun (as input) Description: PHP Magic_quotes_gpc=on converts single quotes to \ ' Escape character makes the SQL statement execute successfully, but \ ' does not serve as data into the database, the database is saved by snow "' sun instead of what we imagined snow\ ' \ ' \ ' \ ' Sun. 4. Condition: PHP magic_quotes_gpc=on data: $data = "Snow" "Sun"; (There are four consecutive single quotes between snow and sun). Operation: Writes the string: "Snow" "Sun" to the database, the result: SQL statement successfully executed, the data written to the database Database save format: snow\ ' \ ' \ ' \ ' Sun (added escape character) Output data format: snow\ ' \ ' \ ' Sun (added escape character) Description: PHP magic_quotes_gpc=on Convert single quotation marks to \ ' escape character so that the SQL statement executes successfully, addslashes the single quotation marks that are about to be written to the database to \ ', The latter conversion is written as data to the database, and the database holds the snow\ ' \ ' \ ' \ ' Sun

Attention:

This feature has been deprecated in the PHP5.3.0 and has been removed in 5.4.0 (this feature have been DEPRECATED as of PHP 5.3.0 andremoved as of PHP 5.4.0.). So there's no reason to use magic quotes anymore because it's no longer part of PHP support. But it helped the novice to write better (and more secure) code unconsciously. But when it comes to working with code, it's best to change your code rather than relying on the magic quote to open it.

http://www.bkjia.com/PHPjc/738503.html www.bkjia.com true http://www.bkjia.com/PHPjc/738503.html techarticle If you do a addslashes () processing of the input data at this point, you must use Stripslashes () to remove the extra backslash when you output it. 2. In the case of PHP magic_quotes_gpc=off ...

