First, a word about PHP's magic_quotes_gpc. (get_magic_quotes_gpc() reports whether it is turned on.)
magic_quotes_gpc: scope: data passing from the web client to the server; when it acts: at the start of the request, for example when the script starts running.
magic_quotes_runtime: scope: data read from a file, returned by exec(), or obtained from a SQL query; when it acts: every time the script accesses data generated at run time.
1. With magic_quotes_gpc=on, we do not need to apply addslashes() and stripslashes() to string data going into and coming out of the database, and the data will be displayed normally. If you do apply addslashes() to the input data in this case, you must use stripslashes() on output to remove the extra backslashes.
2. With magic_quotes_gpc=off, the input data must be processed with addslashes(), but the output does not need to be processed with stripslashes(), because addslashes() does not write the backslash into the database; it only helps MySQL complete the execution of the SQL statement.
This feature has been deprecated as of PHP 5.3.0 and removed as of PHP 5.4.0. So there is no reason to use magic quotes anymore, because they are no longer a supported part of PHP. They did help novices write better (and more secure) code without realizing it. But when working with code, it is best to change your code rather than rely on magic quotes being turned on.
Second, examples:
1.
Condition: magic_quotes_gpc=off; the string is written to the database without any filtering. The string read from the database is not processed.
Data: $data = "snow''''sun"; (there are four consecutive single quotes between snow and sun).
Operation: write the string "snow''''sun" to the database.
Result: SQL statement error; MySQL cannot complete the SQL statement and the write to the database fails.
Database save format: no data.
Output data format: no data.
Description: an unhandled single quotation mark causes an error in the SQL statement when it is written to the database.
2. (most commonly used)
Condition: magic_quotes_gpc=off; the string written to the database is processed with addslashes(). The string read from the database is not processed.
Data: $data = "snow''''sun"; (there are four consecutive single quotes between snow and sun).
Operation: write the string "snow''''sun" to the database.
Result: the SQL statement executes successfully and the data is written to the database.
Database save format: snow''''sun (same as input).
Output data format: snow''''sun (same as input).
Description: addslashes() converts each single quotation mark to the escape sequence \' so that the SQL statement executes successfully, but the \' is not stored as data in the database. The database holds snow''''sun, not snow\'\'\'\'sun as we might imagine.
3.
Condition: magic_quotes_gpc=on; the string is written to the database without any processing. The string read from the database is not processed.
Data: $data = "snow''''sun"; (there are four consecutive single quotes between snow and sun).
Operation: write the string "snow''''sun" to the database.
Result: the SQL statement executes successfully and the data is written to the database.
Database save format: snow''''sun (same as input).
Output data format: snow''''sun (same as input).
Description: magic_quotes_gpc=on converts each single quotation mark to the escape sequence \' so that the SQL statement executes successfully, but the \' is not stored as data in the database. The database holds snow''''sun, not snow\'\'\'\'sun as we might imagine.
4.
Condition: magic_quotes_gpc=on; the string written to the database is also processed with addslashes(). The string read from the database is not processed.
Data: $data = "snow''''sun"; (there are four consecutive single quotes between snow and sun).
Operation: write the string "snow''''sun" to the database.
Result: the SQL statement executes successfully and the data is written to the database.
Database save format: snow\'\'\'\'sun (escape characters added).
Output data format: snow\'\'\'\'sun (escape characters added).
Description: magic_quotes_gpc=on converts each single quotation mark to the escape sequence \' so that the SQL statement executes successfully, and addslashes() then converts the single quotation marks about to be written to the database to \' once more. This second conversion is written to the database as data, so the database holds snow\'\'\'\'sun.
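
The escaping layers in examples 2 to 4, as an added example that is not part of the original article. `mysql_stored_value()` is a hypothetical helper that models how MySQL decodes a quoted literal (an assumption standing in for a live server), and magic_quotes_gpc=on is simulated with one addslashes() call, since the setting no longer exists.

```php
<?php
// Added example. Models the value MySQL stores for a single-quoted literal
// under the default sql_mode (backslash escapes on). Simplified: handles
// \x escapes as "x" and '' as one quote; real MySQL also maps \n, \0, etc.
function mysql_stored_value(string $literal): ?string
{
    $n = strlen($literal);
    if ($n < 2 || $literal[0] !== "'") {
        return null;
    }
    $out = '';
    for ($i = 1; $i < $n; $i++) {
        $c = $literal[$i];
        if ($c === '\\') {
            if ($i + 1 >= $n) {
                return null;               // dangling backslash
            }
            $out .= $literal[++$i];        // escaped character is taken literally
        } elseif ($c === "'") {
            if ($i + 1 < $n && $literal[$i + 1] === "'") {
                $out .= "'";               // doubled quote is one quote
                $i++;
            } else {
                return $i === $n - 1 ? $out : null; // closing quote must end the literal
            }
        } else {
            $out .= $c;
        }
    }
    return null;                           // literal never closed
}

$input = "snow''''sun";                    // constructed sample from the examples above
$once  = addslashes($input);               // what magic_quotes_gpc=on did automatically
$cases = [
    '2: gpc=off, addslashes()' => $once,
    '3: gpc=on, untouched'     => $once,
    '4: gpc=on, addslashes()'  => addslashes($once),
];
foreach ($cases as $label => $sent) {
    $stored = mysql_stored_value("'" . $sent . "'");
    printf("%-26s stored=%s  stripslashes=%s\n", $label, $stored, stripslashes($stored));
}
```

Bound parameters (PDO or mysqli prepared statements) avoid both functions on database input, so no escaping layers have to be counted.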
PHP's use of stripslashes and addslashes