Backend DevelopmentPHP TutorialAnalysis of the impact of magic_quotes_gpc on unserialize in PHP, magicquotesgpc_PHP tutorialAnalysis of the impact of magic_quotes_gpc on unserialize in PHP, magicquotesgpc_PHP tutorial
Analysis of the impact of magic_quotes_gpc on unserialize in php, magicquotesgpc
This article analyzes the impact of magic_quotes_gpc on unserialize in PHP. Share it with everyone for your reference. The details are as follows:
magic_quotes_gpc is a function in PHP that adds some security filtering to single and double quotes. However, this function will have some impact on when we use the unserialize function. Let's look at some examples and solutions to this problem.
Yesterday, my friend asked me to help him solve the problem of the shopping cart program on his website. The program uses PHPCMS. It was fine before changing the space. The specific problem is that after successfully adding the shopping cart, it will jump to Shopping cart page, the shopping cart is empty.
I looked at the code. The general principle is to store the product ID and quantity in an array, then serialize it and store it in the COOKIE. Deserialize the COOKIE on the shopping cart page, get this array and read out the corresponding product information. .
After debugging, I found that the problem occurred in unserialize. I first wrote a piece of code based on its shopping cart principle. The code is as follows:
$magic = get_magic_quotes_gpc() ? "On" : "Not on";
$str = array(array('goods_id'=>13,'number'=>1));
setcookie("cart", serialize($str));
echo "magic_quotes_gpc: ".$magic."
";
echo $_COOKIE['cart']."
";
Print_r(unserialize($_COOKIE['cart']));
?>
If you execute this code, you will find that when your magic_quotes_gpc is turned off, this program executes without any problems, but when magic_quotes_gpc is turned on, you will find that the deserialization is not successful. At this time, you may know where the problem lies?
The reason is that when magic_quotes_gpc is turned on, the system will automatically escape and add the single quotes in the result of POST GET COOKIE, so the value of $_COOKIE['cart'] becomes a:1:{i: 0;a:2:{s:8:"goods_id";i:13;s:6:"number";i:1;}}, in this case, unserialize cannot successfully deserialize, and a problem occurs.
The solution is simply to change unserialize($_COOKIE['cart']) to unserialize(stripslashes($_COOKIE['cart'])), add stripslashes before COOKIE, and remove the escape character, so It’ll be no problem.
Let’s do another test on the impact of cookies:
1. Problem: The project data needs to be serialized and stored in a cookie, and then the cookie data is deserialized to obtain the original data. The code is as follows:
$a[1] = array("key"=>"Haru");
$jsona = json_encode($a);
setcookie("testcookie","");
setcookie("testcookie",$jsona);
var_dump($jsona,true); //Normal value
var_dump(json_decode($_COOKIE['testcookie'],true)); //Cannot get value
When there is no cookie assignment, deserialize normally. After passing the cookie, the value obtained is empty.
2. Analysis, The code is as follows:
$a[1] = array("key"=>"Haru");
$jsona = json_encode($a);
var_dump($jsona); //string(50) "[{"key":"u54c8 u903b"},{"key":"u54c8 u903b"}]"
setcookie("testcookie","");
setcookie("testcookie",$jsona);
var_dump($_COOKIE['testcookie']); // string(62) "[{"key":"\u54c8 \u903b"},{"key":"\u54c8 \u903b"}]"
var_dump(json_decode($_COOKIE['testcookie'],true));
After comparing the data, there are a few more // after cookie processing. The solution is as follows:
var_dump(json_decode(str_replace("\","",$_COOKIE['testcookie']),true));
3. Summary:When magic_quotes_gpc is turned on, it will affect the data obtained through get|post|cookies. So when we process data in get|post|cookies, we first determine whether magic_quotes_gpc is turned on.
① When enabled, stripslashes are required to process data
② When it is not enabled, accept data first addslashes and process data stripslashes
I hope this article will be helpful to everyone’s PHP programming design.
PHP Dependency Injection Container: A Quick StartMay 13, 2025 am 12:11 AMAPHPDependencyInjectionContainerisatoolthatmanagesclassdependencies,enhancingcodemodularity,testability,andmaintainability.Itactsasacentralhubforcreatingandinjectingdependencies,thusreducingtightcouplingandeasingunittesting.
Dependency Injection vs. Service Locator in PHPMay 13, 2025 am 12:10 AMSelect DependencyInjection (DI) for large applications, ServiceLocator is suitable for small projects or prototypes. 1) DI improves the testability and modularity of the code through constructor injection. 2) ServiceLocator obtains services through center registration, which is convenient but may lead to an increase in code coupling.
PHP performance optimization strategies.May 13, 2025 am 12:06 AMPHPapplicationscanbeoptimizedforspeedandefficiencyby:1)enablingopcacheinphp.ini,2)usingpreparedstatementswithPDOfordatabasequeries,3)replacingloopswitharray_filterandarray_mapfordataprocessing,4)configuringNginxasareverseproxy,5)implementingcachingwi
PHP Email Validation: Ensuring Emails Are Sent CorrectlyMay 13, 2025 am 12:06 AMPHPemailvalidationinvolvesthreesteps:1)Formatvalidationusingregularexpressionstochecktheemailformat;2)DNSvalidationtoensurethedomainhasavalidMXrecord;3)SMTPvalidation,themostthoroughmethod,whichchecksifthemailboxexistsbyconnectingtotheSMTPserver.Impl
How to make PHP applications fasterMay 12, 2025 am 12:12 AMTomakePHPapplicationsfaster,followthesesteps:1)UseOpcodeCachinglikeOPcachetostoreprecompiledscriptbytecode.2)MinimizeDatabaseQueriesbyusingquerycachingandefficientindexing.3)LeveragePHP7 Featuresforbettercodeefficiency.4)ImplementCachingStrategiessuc
PHP Performance Optimization Checklist: Improve Speed NowMay 12, 2025 am 12:07 AMToimprovePHPapplicationspeed,followthesesteps:1)EnableopcodecachingwithAPCutoreducescriptexecutiontime.2)ImplementdatabasequerycachingusingPDOtominimizedatabasehits.3)UseHTTP/2tomultiplexrequestsandreduceconnectionoverhead.4)Limitsessionusagebyclosin
PHP Dependency Injection: Improve Code TestabilityMay 12, 2025 am 12:03 AMDependency injection (DI) significantly improves the testability of PHP code by explicitly transitive dependencies. 1) DI decoupling classes and specific implementations make testing and maintenance more flexible. 2) Among the three types, the constructor injects explicit expression dependencies to keep the state consistent. 3) Use DI containers to manage complex dependencies to improve code quality and development efficiency.
PHP Performance Optimization: Database Query OptimizationMay 12, 2025 am 12:02 AMDatabasequeryoptimizationinPHPinvolvesseveralstrategiestoenhanceperformance.1)Selectonlynecessarycolumnstoreducedatatransfer.2)Useindexingtospeedupdataretrieval.3)Implementquerycachingtostoreresultsoffrequentqueries.4)Utilizepreparedstatementsforeffi
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Dreamweaver CS6
Visual web development tools
WebStorm Mac version
Useful JavaScript development tools
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
