Backend DevelopmentPHP TutorialPHP implements code for processing input escape characters, PHP escape character code_PHP tutorialPHP implements code for processing input escape characters, PHP escape character code_PHP tutorial
php implements code for processing input escape characters, php escape character code
Let’s start with a function, which was recently introduced in WordPress 3.6
/**
* Add slashes to a string or array of strings.
*
* This should be used when preparing data for core API that expects slashed data.
* This should not be used to escape data going directly into an SQL query.
*
* @since 3.6.0
*
* @param string|array $value String or array of strings to slash.
* @return string|array Slashed $value
*/
function wp_slash( $value ) {
if ( is_array( $value ) ) {
foreach ( $value as $k => $v ) {
if ( is_array( $v ) ) {
$value[$k] = wp_slash( $v );
} else {
$value[$k] = addslashes( $v );
}
}
} else {
$value = addslashes( $value );
}
return $value;
}
First explain one PHP built-in function: get_magic_quotes_gpc()
The purpose of this function is to get the value of the magic_quotes_gpc option in the php.ini settings.
If the value of the magic_quotes_gpc option is On, the PHP parser will automatically add the escape character "" to the data from post, get, and cookie to ensure that these data will not cause fatal errors caused by special characters in the program, especially the database statement. mistake.
is turned on, characters such as single quotes ('), double quotes ("), backslashes () and NUL (NULL characters) will be backslashed, otherwise they need to be processed manually, using addslashes()
Returns 1 when magic_quotes_gpc value is On, otherwise returns 0
The addslashes() function adds a backslash before the specified predefined characters. That is, the characters listed above
But the get_magic_quotes_gpc() built-in function has been canceled in PHP5.4 and above. In order to avoid future errors, all inputs are filtered like this:
if(!function_exists(get_magic_quotes_gpc) || !get_magic_quotes_gpc() )) {
foreach(array('_COOKIE', '_POST', '_GET') as $v) {
foreach($$v as $kk => $vv) {
$kk{0} != '_' && $$v[$kk] = addslashes($vv);
}
}
}
When processing mysql and GET and POST data, it is often necessary to escape the quotation marks of the data.
There are three settings in PHP that can automatically convert ' (single quote), " (double quote), (backslash) and NULL characters.
PHP calls it magic quotes, and these three settings are
magic_quotes_gpc
Affects HTTP request data (GET, POST and COOKIE). Cannot be changed at runtime. The default value in PHP is on.
When this is turned on, data passed through GET, POST, and COOKIE will be automatically escaped.
Such as test.php?id=abc'de"f
echo $_GET['id']; # will get abc'de"f
magic_quotes_gpc=On; If this is turned on, it will have no effect on writing to the database. For example, if the $_GET['id'] above is written to the database, it will still be abc'de"f ,
On the contrary, if magic_quotes_gpc=Off; then the characters must contain quotation marks (regardless of single quotation marks or double quotation marks), and writing directly to mysql will directly become blank
But if you write it to document instead of mysql. Then it will be abc'de"f
magic_quotes_runtime
If turned on, most functions that obtain and return data from external sources, including databases and text files, will return backslash-escaped data. This option can be changed at runtime, and the default value in PHP is off.
magic_quotes_sybase
If turned on, single quotes will be escaped using single quotes instead of backslashes. This option completely overrides magic_quotes_gpc. If both options are turned on, single quotes will be escaped as "". Double quotes, backslashes and NULL characters will not be escaped.
My form content was originally: 
Countermeasure 1: Modify the php.ini file (I won’t go into the method of modifying php.ini, you can google it)
Countermeasure 2: Cancel the escaping
Step one: Find the data you submitted such as $_POST['content'] and change it to $content=stripslashes($_POST['content']);
Step 2: In the future, replace $POST['content'] with $content
Step 3: Submit to the database, the database storage is still normal:
(You should know how to solve this, right? How about I try again? Please excuse me)
Step 4: Use stripslashes() to filter the content read from the database.
stripslashes() This function removes the backslashes added by the addslashes() function. Used to clean data retrieved from databases or HTML forms
(
If you do not want the following situations to occur in the PHP page:
Single quotes are escaped as '
Double quotes are escaped as "
Then you can make the following settings to prevent:
Set in php.ini: magic_quotes_gpc = Off)
The summary is as follows:
1. For the case of magic_quotes_gpc=on ,
We can not do anything with the string data of the input and output databases
For the operations of addslashes() and stripslashes(), the data will be displayed normally.
If you perform addslashes() on the input data at this time,
Then you must use stripslashes() to remove excess backslashes when outputting.
2. For the case of magic_quotes_gpc=off
You must use addslashes() to process the input data, but you do not need to use stripslashes() to format the output
Because addslashes() does not write the backslashes into the database, it just helps mysql complete the execution of the sql statement.
How does PHP identify a user's session?May 01, 2025 am 12:23 AMPHPidentifiesauser'ssessionusingsessioncookiesandsessionIDs.1)Whensession_start()iscalled,PHPgeneratesauniquesessionIDstoredinacookienamedPHPSESSIDontheuser'sbrowser.2)ThisIDallowsPHPtoretrievesessiondatafromtheserver.
What are some best practices for securing PHP sessions?May 01, 2025 am 12:22 AMThe security of PHP sessions can be achieved through the following measures: 1. Use session_regenerate_id() to regenerate the session ID when the user logs in or is an important operation. 2. Encrypt the transmission session ID through the HTTPS protocol. 3. Use session_save_path() to specify the secure directory to store session data and set permissions correctly.
Where are PHP session files stored by default?May 01, 2025 am 12:15 AMPHPsessionfilesarestoredinthedirectoryspecifiedbysession.save_path,typically/tmponUnix-likesystemsorC:\Windows\TemponWindows.Tocustomizethis:1)Usesession_save_path()tosetacustomdirectory,ensuringit'swritable;2)Verifythecustomdirectoryexistsandiswrita
How do you retrieve data from a PHP session?May 01, 2025 am 12:11 AMToretrievedatafromaPHPsession,startthesessionwithsession_start()andaccessvariablesinthe$_SESSIONarray.Forexample:1)Startthesession:session_start().2)Retrievedata:$username=$_SESSION['username'];echo"Welcome,".$username;.Sessionsareserver-si
How can you use sessions to implement a shopping cart?May 01, 2025 am 12:10 AMThe steps to build an efficient shopping cart system using sessions include: 1) Understand the definition and function of the session. The session is a server-side storage mechanism used to maintain user status across requests; 2) Implement basic session management, such as adding products to the shopping cart; 3) Expand to advanced usage, supporting product quantity management and deletion; 4) Optimize performance and security, by persisting session data and using secure session identifiers.
How do you create and use an interface in PHP?Apr 30, 2025 pm 03:40 PMThe article explains how to create, implement, and use interfaces in PHP, focusing on their benefits for code organization and maintainability.
What is the difference between crypt() and password_hash()?Apr 30, 2025 pm 03:39 PMThe article discusses the differences between crypt() and password_hash() in PHP for password hashing, focusing on their implementation, security, and suitability for modern web applications.
How can you prevent Cross-Site Scripting (XSS) in PHP?Apr 30, 2025 pm 03:38 PMArticle discusses preventing Cross-Site Scripting (XSS) in PHP through input validation, output encoding, and using tools like OWASP ESAPI and HTML Purifier.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Dreamweaver CS6
Visual web development tools
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
SublimeText3 Mac version
God-level code editing software (SublimeText3)
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
