Analysis of security issues caused by PHP magic quotes. PHP may cause security problems by extracting the "\" character produced by magic quotes. For example, the
Magic quotes are used to filter illegal input submitted through forms: if (get_magic_quotes_gpc()) echo "Magic quotes is enabled"; else echo "Magic quotes is disabled";
PHP magic quotes. Before PHP 6 there was a feature called
Blankyao said, "The process of learning is to constantly find mistakes, and constantly correct mistakes";
Let's see what the manual says!
For the average person, look at the first two paragraphs.
Magic Quotes
Code:
Magic Quotes is a process this
Magic quotes of PHP. A feature called magic quotes existed before PHP 6 to help protect novice programmers from writing bad form-processing code. Magic quotes automatically escapes dangerous form data that might be used for SQL injection
Analysis of security issues brought by PHP magic quotes
Extracting the "\" character generated by PHP magic quotes poses some security problems, as in the following snippet:
foo.php?xigr='ryat
function daddslashes($string, $force = 0) {
1. What is the function of magic quotes?
Magic quotes were designed to escape data read from a database or file and parameters received from a request: single quotes, double quotes, backslashes, and NULL are prefixed with a backslash, which works
I recently found that when a PHP program submits form data to the database, a backslash is added whenever the content contains single or double quotes. And another backslash is added every time you save, which is depressing.
So from the Internet
When processing MySQL, GET, and POST data, you often need to escape quotation marks in the data. PHP has three settings for automatically escaping ' (single quotation mark), " (double quotation mark), \ (backslash) and NULL characters. PHP calls this magic quotes.
1. Escaping single and double quotes comes up often when storing data in PHP; that is, when storing data in the database you need to escape single and double quotation marks. First, a few PHP functions: 1. addslashes - uses a backslash
In a project, if magic quotes are enabled, all backslashes (\), single quotes ('), double quotes ("), and NULL characters are automatically escaped with a backslash, which is exactly what the addslashes() function does. Here are four related