简体中文(ZH-CN)English(EN)繁体中文(ZH-TW)日本語(JA)한국어(KO)Melayu(MS)Français(FR)Deutsch(DE)
Home
Article
Q&A
Course
Topic
Download
Game
Dictionary
Recent Updates

Home  >  Article  >  Backend Development  >  Why is POST Data Auto-Escaping in PHP Even When Magic Quotes are Disabled?

Why is POST Data Auto-Escaping in PHP Even When Magic Quotes are Disabled?

DDD
DDDOriginal
2024-10-28 07:59:02846browse

Why is POST Data Auto-Escaping in PHP Even When Magic Quotes are Disabled?

Unveiling the Mysterious Auto-Escaping Post Data in PHP with Disabled Magic Quotes

When working with POST data in PHP, particularly within a WordPress environment, it's possible to encounter unexpected auto-escaping behaviors despite having magic quotes turned off. This perplexing issue arises when POST data undergoes automatic escaping, even though magic quotes are reportedly disabled (get_magic_quotes_gpc() returns 0).

WordPress's Influence

Upon delving deeper into the issue, it becomes apparent that WordPress plays a crucial role in triggering this auto-escaping mechanism. When WordPress is bootstrapped as part of your application's initialization process, its code interferes with the natural behavior of PHP's magic quotes.

WordPress includes functionality that intercepts request data, including POST data, and performs certain operations, one of which is escaping single quotes ('). This behavior extends even when magic quotes are disabled in php.ini.

The Source of the Bug

A closer examination of the WordPress codebase reveals a bug reported under the WordPress Core Trac system (ticket 18322). This issue relates to the incorrect handling of request data, which triggers unwanted escaping.

The Solution

Fortunately, a solution is available to resolve this auto-escaping dilemma. The WordPress Codex recommends using the stripslashes_deep() function to "un-escape" POST data before performing any operations on it. By employing this function, you can effectively override WordPress's auto-escaping and retrieve the data in its original format.

To implement this solution, add the following code to your PHP script:

<code class="php">$_GET       = array_map('stripslashes_deep', $_GET);
$_POST      = array_map('stripslashes_deep', $_POST);
$_COOKIE    = array_map('stripslashes_deep', $_COOKIE);
$_SERVER    = array_map('stripslashes_deep', $_SERVER);
$_REQUEST   = array_map('stripslashes_deep', $_REQUEST);</code>

This code strips slashes from all superglobals, ensuring that POST data is not automatically escaped when accessed in PHP.

The above is the detailed content of Why is POST Data Auto-Escaping in PHP Even When Magic Quotes are Disabled?. For more information, please follow other related articles on the PHP Chinese website!

php format auto using function this bug issue WordPress
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:Here are a few title options, each posing a question relevant to the article\'s content: Option 1 (More direct): * Swiftmailer and Gmail: Why is my send() method failing? Option 2 (More focused onNext article:Here are a few title options, each posing a question relevant to the article\'s content: Option 1 (More direct): * Swiftmailer and Gmail: Why is my send() method failing? Option 2 (More focused on

Related articles

See more