Reasons why PHP forms are automatically added with backslashes before quotation marks and three ways to disable php magic quotes

Generally, the magic_quotes_gpc command is on by default for the server space provided by the Space Provider, that is, on. We usually use the stripslashes () function to delete the automatically added backslash.

Generally, the magic_quotes_gpc command is on by default for the server space provided by the Space Provider, that is, on. We usually use the stripslashes () function to delete the automatically added backslash.

Recently, it was found that when the form data of a php program is submitted to the database, a backslash will be added after it contains single quotes or double quotation marks. It is depressing to add a backslash every time it is saved.

So I searched the PHP program from the Internet and used it to prevent injection or overflow. I used the PHP Command magic_quotes_gpc to automatically add a backslash before double quotation marks, single quotation marks, backslash, and NULL.

The default PHP Command magic_quotes_gpc is on, that is, open. In this case, you can use the stripslashes () function to delete the automatically added backslash. Usage: for example, if the variable containing the string is $ str, use the stripslashes () function to process the string: stripslashes ($ str). The output result is to remove the backslash.

Then I processed the read string content using the stripslashes () function, that is, $ value = stripslashes ($ str), and then saved it.

However, another problem occurs because the local PHP Command magic_quotes_gpc is off. If this function is used, the normal backslash will be removed. This is not what we want.

The solution is to use the get_magic_quotes_gpc () function for detection. If the function is enabled, the backslash is removed. If the function is disabled, the backslash is not removed.

The program code is as follows:

$ Str = $ _ POST ["str"]; // read the str content and assign it to the $ str variable if (get_magic_quotes_gpc () // if get_magic_quotes_gpc () yes {$ str = stripslashes ($ str); // process the string}

The following three methods are provided to solve this problem:

Method 1: Modify the PHP configuration file php. ini.

This method is only applicable when you have the right to manage the server. If you use virtual space, you can only use the last two methods.

In the PHP configuration file php. ini, set magic_quotes_gpc, magic_quotes_runtime, and magic_quotes_sybase to off. As follows:

Magic_quotes_gpc = Off

Magic_quotes_runtime = Off

Magic_quotes_sybase = Off

Method 2: Use the. htaccess File

This method is supported only when the server supports htaccess.

Add the following sentence to the. htaccess file in the program directory:

The Code is as follows:

Php_flag magic_quotes_gpc Off

Method 3: block in the code

This method is the most portable and can be used as long as PHP is supported without considering server configurations.

Add the following code at the beginning of all PHP files

If (get_magic_quotes_gpc () {function stripslashes_deep ($ value) {$ value = is_array ($ value )? Array_map ('stripslashes _ deep ', $ value): stripslashes ($ value); return $ value ;}$ _ POST = array_map ('stripslashes _ deep', $ _ POST ); $ _ GET = array_map ('stripslashes _ deep ', $ _ GET); $ _ COOKIE = array_map ('stripslashes _ deep', $ _ COOKIE ); $ _ REQUEST = array_map ('stripslashes _ deep ', $ _ REQUEST );}

The above section describes the reasons for automatically adding a backslash before a PHP form is submitted and three methods to disable php magic quotes.