Home >Backend Development >PHP Tutorial >The reason why a backslash is automatically added before the quotation mark after the PHP form is submitted and three ways to turn off the php magic quotation marks and the slash after submission_PHP Tutorial
Recently I found a PHP program to submit form data Whenever the content written to the database contains single or double quotes, a backslash will be added at the end. And every time I save, a backslash is added, which is very frustrating.
So I searched the Internet and it turned out that in order to prevent injection or overflow, the PHP program uses the PHP command magic_quotes_gpc to automatically add a backslash in front of double quotes, single quotes, backslashes, and NULL.
The default PHP command magic_quotes_gpc is on, that is, it is turned on. At this time, you can use the stripslashes() function to remove the automatically added backslashes. The usage is: for example, the variable containing the string is $str, then use the stripslashes() function to process the string: stripslashes($str), and the output result will be with the backslashes removed.
So I used the stripslashes() function to process the read string content, that is, $value=stripslashes($str), and then saved it.
But another problem arises, that is because the local PHP command magic_quotes_gpc is off. If this function is used, the normal backslashes will be removed. This is not what we want.
The solution is to use the function get_magic_quotes_gpc() to detect. If it is in the open state, then the backslash is removed. If it is in the closed state, the backslash is not removed.
The program code is as follows:
$str=$_POST["str"];//读取str的内容赋值给$str变量 if(get_magic_quotes_gpc())//如果get_magic_quotes_gpc()是打开的 {$str=stripslashes($str);//将字符串进行处理 }
Here are three ways to solve this problem:
Method 1: Modify the PHP configuration file php.ini
This method is only suitable if you have the right to manage the server. If you use virtual space, you can only use the last two methods.
Set magic_quotes_gpc, magic_quotes_runtime, and magic_quotes_sybase all to off in the PHP configuration file php.ini. As shown below:
magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off
Method 2: Using .htaccess file
This method only works if the server supports htaccess, which is generally supported by current servers
Add the following sentence to the .htaccess file in the program directory:
Copy code The code is as follows:
php_flag magic_quotes_gpc Off
Method 3: Block
in the code
This method is the most portable. You don’t need to consider the server configuration. It can be used as long as it supports PHP.
Add the following code at the beginning of all PHP files
if(get_magic_quotes_gpc()){ function stripslashes_deep($value){ $value=is_array($value)?array_map('stripslashes_deep',$value):stripslashes($value); return $value; } $_POST=array_map('stripslashes_deep',$_POST); $_GET=array_map('stripslashes_deep',$_GET); $_COOKIE=array_map('stripslashes_deep',$_COOKIE); $_REQUEST=array_map('stripslashes_deep',$_REQUEST); }
The above introduction is the reason why backslashes are automatically added before quotation marks after PHP form submission and three methods to close PHP magic quotation marks. I hope you like it.