Magic Quotes is used to filter forms submitted over illegal information processing, if (GET_MAGIC_QUOTES_GPC ()) echo "Magic quotes is enabled"; else echo "Magic quotes is D Isabled ";
PHP-magic QuotesBefore to PHP 6th there is a feature called
Analysis of security issues caused by PHP magic quotes, magic quotes. Analysis of security problems caused by PHP magic quotes. magic quotes PHP may cause security problems by extracting the "" character produced by Magic Quotes. for example, the
PHP Magic Quotes brings security issues analysis, magic quotes
The "\" character generated by PHP by extracting magic quotes poses some security problem, such as the following snippet:
Foo.php?xigr= ' Ryatfunction daddslashes ($string, $force = 0) {
In PHP, single and double quotes are not interoperable, the specific difference is as follows:
The fields inside the double quotes are interpreted by the compiler and then exported as HTML code.
' Single quotes inside without explanation, direct
Special view of the next manual, about PHP magic quotes, a few common settings are as follows, Magic_quotes_gpc,magic_quotes_sybase,magic_quote_runtime, These functions are configured in php.ini, and it can be seen from the manual that these
One, what is magic quotes
Reminder: This feature has been discarded from PHP 5.3.0 and will be removed from PHP 5.4.0.So after version 5.4 the PHP profile is not found with the configuration information of the magic quotes
When opened, all '
Today found that the program relay code over the string has 3/escape characters appear, after the investigation, is the PHP configuration in the MAGIC_QUOTES_GPC open, the $_post data automatically converted, and then the program is converted, which
1. What is the function of magic quotes?
?The Magic quote design was designed to escape from a database or file and receive parameters from a request, with single quotes, double quotes, backslashes, and null plus a backslash, which works
One, single quotes and double quotes escape in the PHP data stored procedures used more, that is, to store data in the database when you need to pay attention to escape single, double quotes;
Let's say a few PHP functions:
1, addslashes-use
Specifically looked at the next manual, about PHP magic quotes, a few common settings are as follows, Magic_quotes_gpc,magic_quotes_sybase,magic_quote_runtime, These functions are configured in PHP.ini, as can be seen from the manual, which has been
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.