Home >Backend Development >PHP Tutorial >The reason why a backslash is automatically added before the quotation mark after the PHP form is submitted and three ways to turn off the php magic quotation marks and the slash after submission_PHP Tutorial

The reason why a backslash is automatically added before the quotation mark after the PHP form is submitted and three ways to turn off the php magic quotation marks and the slash after submission_PHP Tutorial

WBOY
WBOYOriginal
2016-07-12 09:07:53981browse

The reason why backslash is automatically added before the quotation marks after PHP form submission and three ways to turn off php magic quotation marks, slash after submission

Recently I found a PHP program to submit form data Whenever the content written to the database contains single or double quotes, a backslash will be added at the end. And every time I save, a backslash is added, which is very frustrating.

So I searched the Internet and it turned out that in order to prevent injection or overflow, the PHP program uses the PHP command magic_quotes_gpc to automatically add a backslash in front of double quotes, single quotes, backslashes, and NULL.

The default PHP command magic_quotes_gpc is on, that is, it is turned on. At this time, you can use the stripslashes() function to remove the automatically added backslashes. The usage is: for example, the variable containing the string is $str, then use the stripslashes() function to process the string: stripslashes($str), and the output result will be with the backslashes removed.

So I used the stripslashes() function to process the read string content, that is, $value=stripslashes($str), and then saved it.

But another problem arises, that is because the local PHP command magic_quotes_gpc is off. If this function is used, the normal backslashes will be removed. This is not what we want.

The solution is to use the function get_magic_quotes_gpc() to detect. If it is in the open state, then the backslash is removed. If it is in the closed state, the backslash is not removed.

The program code is as follows:

$str=$_POST["str"];//读取str的内容赋值给$str变量
if(get_magic_quotes_gpc())//如果get_magic_quotes_gpc()是打开的
{$str=stripslashes($str);//将字符串进行处理
}

Here are three ways to solve this problem:

Method 1: Modify the PHP configuration file php.ini

This method is only suitable if you have the right to manage the server. If you use virtual space, you can only use the last two methods.

Set magic_quotes_gpc, magic_quotes_runtime, and magic_quotes_sybase all to off in the PHP configuration file php.ini. As shown below:

magic_quotes_gpc = Off

magic_quotes_runtime = Off

magic_quotes_sybase = Off

Method 2: Using .htaccess file

This method only works if the server supports htaccess, which is generally supported by current servers

Add the following sentence to the .htaccess file in the program directory:

Copy code The code is as follows:
php_flag magic_quotes_gpc Off

Method 3: Block
in the code

This method is the most portable. You don’t need to consider the server configuration. It can be used as long as it supports PHP.

Add the following code at the beginning of all PHP files

if(get_magic_quotes_gpc()){
   function stripslashes_deep($value){
     $value=is_array($value)?array_map('stripslashes_deep',$value):stripslashes($value);
     return $value;
   }
   $_POST=array_map('stripslashes_deep',$_POST);
   $_GET=array_map('stripslashes_deep',$_GET);
   $_COOKIE=array_map('stripslashes_deep',$_COOKIE);
   $_REQUEST=array_map('stripslashes_deep',$_REQUEST);
 }

The above introduction is the reason why backslashes are automatically added before quotation marks after PHP form submission and three methods to close PHP magic quotation marks. I hope you like it.

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/1058159.htmlTechArticleThe reason why a backslash is automatically added before the quotation mark after the PHP form is submitted and three ways to turn off the php magic quotation mark, after submission Slash recently discovered how to make a php program to submit form data and write it into the database...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn