The use of PHP MAGIC_QUOTES_GPC based on the detailed _php skills

Source: Internet
Author: User
Tags explode php class

PHP MAGIC_QUOTES_GPC is mainly in the Web customer service, its role time from the request, and then we will specifically explain how it is used.
AD:
Today we are going to introduce you to the specific use of PHP MAGIC_QUOTES_GPC. We all know that in PHP a special function magic function, which in the process of referencing, only when the transfer of $_get,$_post,$_cookie will occur.
The correct use method of PHP function preg_split
• Interpreting the specific use of PHP function explode ()
The php function implode () differs from the explode () function
PHP class cms How to automatically get keywords
• Explore how PHP functions split () How to use regular expressions to cut

1.
Condition: PHP Magic_quotes_gpc=off
The string written to the database has not been filtered. The string read from the database is also not processed.
Data: $data = "Snow" "Sun"; (There are four consecutive single quotes between snow and sun.)
Action: Writes the string: "Snow" ' sun ' to the database,
Result: SQL statement error, MySQL can not successfully complete the SQL statement, write to the database failed.
Database save format: no data.
Output data format: no data.
Note: An unhandled single quote will cause an error in the SQL statement when writing to the database.

2.
Condition: PHP Magic_quotes_gpc=off
The string written to the database is processed by the function addlashes (). The string read from the database is not processed.
Data: $data = "Snow" "Sun"; (There are four consecutive single quotes between snow and sun.)
Action: Writes the string: "Snow" ' sun ' to the database,
Result: SQL statement executed successfully, data written to database
Database save format: Snow "' Sun (same as input)
Output data format: Snow "' Sun (same as input)
Description: The Addslashes () function converts single quotes to \ ' escape characters to make the SQL statement execute successfully.
But \ ' is not stored as data in the database, the database is saved by snow "' sun rather than our imagined snow\ ' \ ' \ ' Sun

3.
Condition: PHP Magic_quotes_gpc=on
The string written to the database has not been processed. The string read from the database is not processed.
Data: $data = "Snow" "Sun"; (There are four consecutive single quotes between snow and sun.)
Action: Writes the string: "Snow" ' sun ' to the database,
Result: SQL statement executed successfully, data written to database
Database save format: Snow "' Sun (same as input)
Output data format: Snow "' Sun (same as input)
Description: PHP Magic_quotes_gpc=on converts single quotes to \ ' escape characters so that SQL statements are executed successfully.
But \ ' not as data into the database, the database is saved by snow "' sun rather than our imagined snow\ ' \ ' \ ' Sun.

4.
Condition: PHP Magic_quotes_gpc=on
The string written to the database is processed by the function addlashes (). The string read from the database is not processed.
Data: $data = "Snow" "Sun"; (There are four consecutive single quotes between snow and sun.)
Action: Writes the string: "Snow" ' sun ' to the database,
Result: SQL statement executed successfully, data written to database
Database save format: snow\ ' \ ' \ ' Sun (added escape character)
Output data format: snow\ ' \ ' \ ' Sun (added escape character)
Description: PHP Magic_quotes_gpc=on converts single quotes to \ ' escape characters so that SQL statements are executed successfully.
Addslashes also converts the single quotation mark that will be written to the database to \, whose conversion is written as data
Database, the database is saved by snow\ ' \ ' Sun

Summarized as follows:
1. In the case of PHP magic_quotes_gpc=on,
We can not make string data for input and output databases
Addslashes () and Stripslashes (), the data is also displayed correctly.
If you addslashes () the input data at this time,
Then you must use Stripslashes () in the output to remove the extra backslash.

2. For PHP Magic_quotes_gpc=off
You must use Addslashes () to process the input data, but you do not need to use stripslashes () to format the output
Because Addslashes () did not write the backslash to the database, it only helped MySQL complete the execution of the SQL statement.

Add:
PHP MAGIC_QUOTES_GPC scope is: Web Client service side; time: When a request starts, for example, when the script is running.
Magic_quotes_runtime Scope: Data read from a file or executed as a result of exec () or from an SQL query; action time: Every time the script accesses the data generated in the running state

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.