PHP MAGIC_QUOTES_GPC is mainly in the Web customer service, its role time from the request, and then we will specifically explain how it is used.
AD:
Today we are going to introduce you to the specific use of PHP MAGIC_QUOTES_GPC. We all know that in PHP a special function magic function, which in the process of referencing, only when the transfer of $_get,$_post,$_cookie will occur.
The correct use method of PHP function preg_split
• Interpreting the specific use of PHP function explode ()
The php function implode () differs from the explode () function
PHP class cms How to automatically get keywords
• Explore how PHP functions split () How to use regular expressions to cut
1.
Condition: PHP Magic_quotes_gpc=off
The string written to the database has not been filtered. The string read from the database is also not processed.
Data: $data = "Snow" "Sun"; (There are four consecutive single quotes between snow and sun.)
Action: Writes the string: "Snow" ' sun ' to the database,
Result: SQL statement error, MySQL can not successfully complete the SQL statement, write to the database failed.
Database save format: no data.
Output data format: no data.
Note: An unhandled single quote will cause an error in the SQL statement when writing to the database.
2.
Condition: PHP Magic_quotes_gpc=off
The string written to the database is processed by the function addlashes (). The string read from the database is not processed.
Data: $data = "Snow" "Sun"; (There are four consecutive single quotes between snow and sun.)
Action: Writes the string: "Snow" ' sun ' to the database,
Result: SQL statement executed successfully, data written to database
Database save format: Snow "' Sun (same as input)
Output data format: Snow "' Sun (same as input)
Description: The Addslashes () function converts single quotes to \ ' escape characters to make the SQL statement execute successfully.
But \ ' is not stored as data in the database, the database is saved by snow "' sun rather than our imagined snow\ ' \ ' \ ' Sun
3.
Condition: PHP Magic_quotes_gpc=on
The string written to the database has not been processed. The string read from the database is not processed.
Data: $data = "Snow" "Sun"; (There are four consecutive single quotes between snow and sun.)
Action: Writes the string: "Snow" ' sun ' to the database,
Result: SQL statement executed successfully, data written to database
Database save format: Snow "' Sun (same as input)
Output data format: Snow "' Sun (same as input)
Description: PHP Magic_quotes_gpc=on converts single quotes to \ ' escape characters so that SQL statements are executed successfully.
But \ ' not as data into the database, the database is saved by snow "' sun rather than our imagined snow\ ' \ ' \ ' Sun.
4.
Condition: PHP Magic_quotes_gpc=on
The string written to the database is processed by the function addlashes (). The string read from the database is not processed.
Data: $data = "Snow" "Sun"; (There are four consecutive single quotes between snow and sun.)
Action: Writes the string: "Snow" ' sun ' to the database,
Result: SQL statement executed successfully, data written to database
Database save format: snow\ ' \ ' \ ' Sun (added escape character)
Output data format: snow\ ' \ ' \ ' Sun (added escape character)
Description: PHP Magic_quotes_gpc=on converts single quotes to \ ' escape characters so that SQL statements are executed successfully.
Addslashes also converts the single quotation mark that will be written to the database to \, whose conversion is written as data
Database, the database is saved by snow\ ' \ ' Sun
Summarized as follows:
1. In the case of PHP magic_quotes_gpc=on,
We can not make string data for input and output databases
Addslashes () and Stripslashes (), the data is also displayed correctly.
If you addslashes () the input data at this time,
Then you must use Stripslashes () in the output to remove the extra backslash.
2. For PHP Magic_quotes_gpc=off
You must use Addslashes () to process the input data, but you do not need to use stripslashes () to format the output
Because Addslashes () did not write the backslash to the database, it only helped MySQL complete the execution of the SQL statement.
Add:
PHP MAGIC_QUOTES_GPC scope is: Web Client service side; time: When a request starts, for example, when the script is running.
Magic_quotes_runtime Scope: Data read from a file or executed as a result of exec () or from an SQL query; action time: Every time the script accesses the data generated in the running state