Reasons why PHP forms are automatically added with backslashes before quotation marks and three ways to disable php magic quotes

Generally, the magic_quotes_gpc command is on by default for the server space provided by the space provider, that is, on. We usually use the stripslashes () function to delete the automatically added backslash. Recently, it was found that when the form data of a php program is submitted to the database, a backslash will be added after it contains single quotes or double quotation marks. It is depressing to add a backslash every time it is saved.

So I searched the PHP program from the internet and used it to prevent injection or overflow. I used the PHP command magic_quotes_gpc to automatically add a backslash before double quotation marks, single quotation marks, backslash, and NULL.

The default PHP command magic_quotes_gpc is on, that is, open. In this case, you can use the stripslashes () function to delete the automatically added backslash. Usage: for example, if the variable containing the string is $ str, use the stripslashes () function to process the string: stripslashes ($ str). the output result is to remove the backslash.

Then I processed the read string content using the stripslashes () function, that is, $ value = stripslashes ($ str), and then saved it.

However, another problem occurs because the local PHP command magic_quotes_gpc is off. if this function is used, the normal backslash will be removed. This is not what we want.

The solution is to useThe get_magic_quotes_gpc () function is used for detection. if it is enabled, the backslash is removed. if it is disabled, the backslash is not removed.

The program code is as follows:

$ Str = $ _ POST ["str"]; // read the str content and assign it to the $ str variable if (get_magic_quotes_gpc () // if get_magic_quotes_gpc () yes {$ str = stripslashes ($ str); // process the string}

The following three methods are provided to solve this problem:

The code is as follows:

Php_flag magic_quotes_gpc Off

Method 3: Block in the code

This method is the most portable, so you don't need to consider the server configuration, as long as PHP is supported.

Add the following code at the beginning of all php files

if(get_magic_quotes_gpc()){   function stripslashes_deep($value){     $value=is_array($value)?array_map('stripslashes_deep',$value):stripslashes($value);     return $value;   }   $_POST=array_map('stripslashes_deep',$_POST);   $_GET=array_map('stripslashes_deep',$_GET);   $_COOKIE=array_map('stripslashes_deep',$_COOKIE);   $_REQUEST=array_map('stripslashes_deep',$_REQUEST); }

The above section describes the reasons for automatically adding a backslash before a PHP form is submitted and three methods to disable php magic quotes.