In a project, if the magic quotes are open, all backslashes (\), single quotes ('), double quotes ("), and NULL characters are automatically escaped with a backslash, which is exactly the same as the addslashes () function. Here are four related
0x00:php built-in filter functionPHP has built-in functions to defend against attacks and simply introduces several functions.Magic QuotesWhen turned on, all ' (single quotes), "(double quotes), \ (backslash), and NULL characters are automatically
Generally, the magic_quotes_gpc command is on by default for the server space provided by the Space Provider, that is, on. We usually use the stripslashes () function to delete the automatically added backslash.
Generally, the magic_quotes_gpc
In some web containers, some special characters will be converted. In this case, the ie xss filter developer has neglected its understanding at any place, which may lead to bypass.In php, if the "magic quotes" feature (magic_quotes_gpc = On) is
Recently found to do a PHP program form data submission to the database content, as long as there is a single quotation mark or double quotation marks, the following will add a backslash. And every time you save a backslash, it's depressing.
So I
The "\" character generated by the extraction of magic quotes from PHP can pose some security problems, such as the following snippet:
Foo.php?xigr= ' Ryat
function daddslashes ($string, $force = 0) {
!defined (' MAGIC_QUOTES_GPC ') &&
This article describes the way to turn off magic quotes in PHP MAGIC_QUOTES_GPC, with the need for a friend reference.In PHP, the MAGIC_QUOTES_GPC instruction is only closed at the system level and cannot be closed at run time. You cannot use
Recently found to do a PHP program form data submission to the content of the database, as long as the content with single or double quotes, a backslash will be added later. And every time you save a backslash, it's depressing.
So from the Internet
PHP-MagicQuotes simple tutorial. MagicQuotes is used to filter information that is submitted by a form. if (get_magic_quotes_gpc () echoMagicquotesareenabled; elseechoMagicquotesaredisabled; in PHP,-magicq Magic Quotes is used to filter information
For Magic quotes, it is a commonplace question for phper. Today I accidentally see an article, combined with PHP manual and its reply, here to do a simple summary.
In short, the input data is automatically escaped when the Magic quotes is turned on.
One, CGI mode installation security
Second, the Apache module to install security
When PHP is installed as an Apache module, it inherits the privileges of the Apache user (usually "nobody"). This has some impact on security and authentication. For
PHP disables page cache output. Magicquotes is a common issue for PHPer. I accidentally saw an article today, combined with PHPManual and his reply, and made a simple summary here. In short
For Magic quotes, PHPer is a common issue. I accidentally
Blankyao said, "The process of learning is to constantly find mistakes, and constantly correct mistakes";
Let's see what the manual says!
For the average person, look at the first two paragraphs.
Magic Quotes
Code:
Magic Quotes is a process this
Understanding and analysis of phpmagic_quotes_gpc. "The process of learning is to constantly discover and correct errors! For average people, the first two paragraphs can be viewed. MagicQuot blkyao says, "the learning process is to constantly
The MAGIC_QUOTES_GPC method is based on your php.ini configuration, if you open the MAGIC_QUOTES_GPC to generate, his role and addslashes is the same, let me give a detailed introduction about MAGIC_QUOTES_GPC usage.
Read the Thinksaas part of the
PHP Tutorial Configuration Chinese Narration
Let's see what you see, php.ini.
[PHP]
;;;;;;;;;;;; WARNING;;;;;;;;;;;;; This is the default settings file for new PHP installations.; By default, PHP installs itself with a configuration suitable for;
"The learning process is to constantly discover and correct errors," said blankyao ";
Let's take a look at what I said in the manual!
For average people, just look at the first two paragraphs.
Magic quotes
Code:Magic quotes is a process
Blankyao said that "the process of learning is to constantly find mistakes, constantly correcting errors";
Let's see what the manual says!
For the average person, just take a look at the first two paragraphs.
Magic Quotes
Code:
Magic Quotes is a
The combination of Chinese and English is really good. I have previously reposted my summary of PHP security programming. Some people say it's an old growth talk. This time, let's look at the works of foreign friends. According to the latest survey,
Read the Thinksaas part of the source code, found that the $_post/$_get over the data processing method is through the function add_s (), that is, the environment by default does not open the MAGIC_QUOTES_GPC, the data submitted to the addslashes ()
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.