Reasons for automatically adding a backslash before a PHP form submission quotation mark and three ways to disable the php magic quotation mark, submit a backslash _ PHP Tutorial

Reasons for automatically adding a backslash before a PHP form submission quotation mark and three methods to disable the php magic quotation mark. Reasons why PHP forms are automatically added with backslashes before quotation marks and three ways to disable php magic quotes, the submitted slash recently finds out the reason why php forms are automatically added with the backslash before the quotation marks in the form data submitted to the database and written to the database. There are three ways to close the PHP magic quotation marks and submit the backslash.

Recently, it was found that when the form data of a php program is submitted to the database, a backslash will be added after it contains single quotes or double quotation marks. It is depressing to add a backslash every time it is saved.

So I searched the PHP program from the internet and used it to prevent injection or overflow. I used the PHP command magic_quotes_gpc to automatically add a backslash before double quotation marks, single quotation marks, backslash, and NULL.

The default PHP command magic_quotes_gpc is on, that is, open. In this case, you can use the stripslashes () function to delete the automatically added backslash. Usage: for example, if the variable containing the string is $ str, use the stripslashes () function to process the string: stripslashes ($ str). the output result is to remove the backslash.

Then I processed the read string content using the stripslashes () function, that is, $ value = stripslashes ($ str), and then saved it.

However, another problem occurs because the local PHP command magic_quotes_gpc is off. if this function is used, the normal backslash will be removed. This is not what we want.

The solution is to useThe get_magic_quotes_gpc () function is used for detection. if it is enabled, the backslash is removed. if it is disabled, the backslash is not removed.

The program code is as follows:

$ Str = $ _ POST ["str"]; // read the str content and assign it to the $ str variable if (get_magic_quotes_gpc () // if get_magic_quotes_gpc () yes {$ str = stripslashes ($ str); // process the string}

The following three methods are provided to solve this problem:

Method 1: modify the PHP configuration file php. ini.

This method is only applicable when you have the right to manage the server. if you use virtual space, you can only use the last two methods.

In the PHP configuration file php. ini, set magic_quotes_gpc, magic_quotes_runtime, and magic_quotes_sybase to off. As follows:

Magic_quotes_gpc = Off

Magic_quotes_runtime = Off

Magic_quotes_sybase = Off

Method 2: use the. htaccess file

This method is supported only when the server supports htaccess.

Add the following sentence to the. htaccess file in the program directory:

The code is as follows:
Php_flag magic_quotes_gpc Off

Method 3: Block in the code

This method is the most portable, so you don't need to consider the server configuration, as long as PHP is supported.

Add the following code at the beginning of all php files

if(get_magic_quotes_gpc()){   function stripslashes_deep($value){     $value=is_array($value)?array_map('stripslashes_deep',$value):stripslashes($value);     return $value;   }   $_POST=array_map('stripslashes_deep',$_POST);   $_GET=array_map('stripslashes_deep',$_GET);   $_COOKIE=array_map('stripslashes_deep',$_COOKIE);   $_REQUEST=array_map('stripslashes_deep',$_REQUEST); }

The above section describes the reasons for automatically adding a backslash before a PHP form is submitted and three methods to disable php magic quotes.

Pipeline recently found a php program to write form data to the database...