When your data has some " '
Such characters to write to the database inside, and want to not be filtered out, it is very useful, will be in these words match either automatically added, such as
China's vast territory "haha"
China's vast territory "haha"
You can use set_maginc_quotes_runtime (0) to close off, of course you can also directly in the php.ini set.
get_magic_quotes_runtime () Gets the value of the PHP environment variable magic_quotes_runtime .
MAGIC_QUOTES_GPC is on, it is mainly for all GET,POST and COOKIE data automatically run addslashes (). Do not use Addslashes () for strings that have been MAGIC_QUOTES_GPC escaped, because this results in double-layer escaping. You can use the function GET_MAGIC_QUOTES_GPC () to detect this situation.
They are different.
set_magic_quotes_runtime () allows programmers to dynamically turn magic_quotes_runtimeon or off in code,
set_magic_quotes_runtime (1) indicates on,set_magic_quotes_runtime (0) indicates off. When set_magic_quotes_runtime (1) , text that is read from a database or by a function such as fread will automatically escape the ' " and automatically add a backslash to prevent overflow. This is useful when transferring data from a database.
In general, however, you should turn it off, otherwise the data that is read from the database, single quotes, double quotes, and backslashes are added, causing the display to be unhealthy. Like Discuz,phpwind in the head of the public file add a sentence set_magic_quotes_runtime (0); Forces the magic_quotes_runtime to close.
Magic_quotes_gpc
The scope of action is: Web customer service side;
Action time: The start of the request is, for example, when the script is running.
Magic_quotes_runtime
Scope: Data read from a file or executed by exec () or from a SQL query;
Action time: Data generated each time the script accesses the running state.
So
The MAGIC_QUOTES_GPC setting will affect the data obtained through the get/post/cookies,
The Magic_quotes_runtime setting will affect the data read from the file or the data that is queried from the database,
MAGIC_QUOTES_GPC is to escape data passed by get, POST, and Cookie, which is usually escaped before the data is put into storage.
MAGIC_QUOTES_GPC cannot be turned on or off dynamically in code , you need to set the MAGIC_QUOTES_GPC to on or off to PHP.ini,
You can use GET_MAGIC_QUOTES_GPC to get the state of MAGIC_QUOTES_GPC in your code.
When MAGIC_QUOTES_GPC is off, you need to addslashesThe data manually, as follows:
if (!GET_MAGIC_QUOTES_GPC ()) {new_addslashes ($_get); new_addslashes ($_post); new_addslashes ($_cookie);} function New_addslashes ($string) {if (Is_array ($string)) {foreach ($string as $key = $value) {$string [$key] = New_adds Lashes ($value);}} else {$string = Addslashes ($string);} return $string;}
Another example:
$data 1 = $_post[' aaa ']; $data 2 = implode (file (' 1.txt ')), if (GET_MAGIC_QUOTES_GPC ()) {//Data $data1 directly to the database} else {$data 1 = Addslashes ($data 1);//write Data $data1 to database}if (Get_magic_quotes_runtime ()) {//Data $data2 write directly to database// The data read from the database is Stripslashes () after the output} else {$data 2 = addslashes ($data 2);//write the data $data2 to the database//output from the database read directly}
Experience Summary:
First, for GPC, regardless of whether the system has open MAGIC_QUOTES_GPC (that is, php.ini MAGIC_QUOTES_GPC = on), we open the MAGIC_QUOTES_GPC, the GET, post, the contents of the cookie escaped. The operation is as follows:
(Excerpt from Uchome system)
function Saddslashes ($string) { if (Is_array ($string)) { foreach ($string as $key = $val) { $string [$key ] = Saddslashes ($val); } } else { $string = addslashes ($string); } return $string;} GPC Filter $magic_quote = GET_MAGIC_QUOTES_GPC (); if (Empty ($magic _quote)) { $_get = saddslashes ($_get); $_post = Saddslashes ($_post);} Cookie, the value of the cookie is escaped $prelength = strlen ($_sc[' Cookiepre ')), and foreach ($_cookie as $key = = $val) { if (substr ($key, 0, $prelength) = = $_sc[' Cookiepre ') { $_scookie[(substr ($key, $prelength))] = empty ($magic _quote)? saddslashes ($ val): $val; }}
Second, for the Magic_quotes_runtime, we have closed it uniformly, namely set_magic_quotes_runtime (0); The single quotation marks, double quotes, and backslashes of data read from the database are automatically added. In this way, the operation of the database is as follows: Before adding data to the database, we manually addslashes ()the data, and when the data is fetched from the database, the reverse operation is stripslashes ().
Third, for the content to be serialized, to keep bare data, that is, to remove the escape, stripslashes (), and then save the serialized content into the database (note that the serialized content is not with single quotation marks ('), double quotation marks ("), backslash ()), the example is as follows:
$feedarr [' body_data '] = Serialize (stripslashes ($body _data));
The function set_magic_quotes_runtime () is deprecated problem?
deprecated:function set_magic_quotes_runtime () is Deprecated error in installing PHPCMS, check the network and data discovery is PHP5.3 and The set_magic_quotes_runtime () function is removed after PHP6.0 .
I can replace it with the following scenario:
@set_magic_quotes_runtime (0);
Or
Ini_set ("Magic_quotes_runtime", 0);
Or
if (Phpversion () < ' 5.3.0 ') {set_magic_quotes_runtime (0);}
The difference and usage of MAGIC_QUOTES_GPC and magic_quotes_runtime