Reasons for automatically adding backslashes before quotation marks after submission of PHP form and three ways to close PHP Magic quotes _php Instances

Recently found to do a PHP program form data submission to the database content, as long as there is a single quotation mark or double quotation marks, the following will add a backslash. And every time you save a backslash, it's depressing.

So I searched from the Internet. Originally PHP program in order to prevent injection or overflow, through the PHP directive MAGIC_QUOTES_GPC automatically in double quotes, single quotation marks, backslashes, null before the backslash is added.

The default PHP directive MAGIC_QUOTES_GPC is on, which is open. You can then use the stripslashes () function to remove the auto-added backslash. The usage is: for example, the variable containing the string is $STR, then use the stripslashes () function to process the string: stripslashes ($STR), the result of the output is to remove the backslash.

So I took the read string content with the Stripslashes () function, that is, $value=stripslashes ($STR), and then save.

However, another problem arises because the local PHP directive MAGIC_QUOTES_GPC is off, and if this function is used, it will remove the normal backslash. This is not what we want.

The solution is to use the function GET_MAGIC_QUOTES_GPC () to detect, if it is open, then remove the backslash, if the state is closed, do not remove the backslash.

The program code is as follows:

$str =$_post["str"];//reads the contents of STR to $STR variable if (GET_MAGIC_QUOTES_GPC ())//If GET_MAGIC_QUOTES_GPC () is open {$str = Stripslashes ($STR);//String processing}

Here are three ways to solve this problem:

Method 1: Modify the PHP configuration file php.ini

This method is only suitable for the case of having the right to administer the server, if the virtual space is used, then only the latter two methods can be used.

Set MAGIC_QUOTES_GPC, Magic_quotes_runtime, magic_quotes_sybase all to off in PHP config file php.ini. As shown below:

MAGIC_QUOTES_GPC = Off

Magic_quotes_runtime = Off

Magic_quotes_sybase = Off

Method 2: Use the. htaccess file

This method is supported only in cases where the server supports htaccess, and now the server will generally support

In the program directory, add the following sentence to the. htaccess file:

Copy the Code code as follows:
Php_flag MAGIC_QUOTES_GPC Off

Method 3: Block in code

This method is the most portable, regardless of the server configuration, as long as the support of PHP can be used.

Add the following code at the beginning of all PHP files

if (GET_MAGIC_QUOTES_GPC ()) {   function stripslashes_deep ($value) {     $value =is_array ($value)? Array_map (' Stripslashes_deep ', $value): Stripslashes ($value);     return $value;   }   $_post=array_map (' Stripslashes_deep ', $_post);   $_get=array_map (' Stripslashes_deep ', $_get);   $_cookie=array_map (' Stripslashes_deep ', $_cookie);   $_request=array_map (' Stripslashes_deep ', $_request); }

The above is the introduction of this article to introduce the PHP form after the quotation mark automatically add back slash reason and three ways to close the PHP magic quotes, I hope you like.

