Home >Backend Development >PHP Tutorial >Quickly master the principle of PHP quotation escape_PHP tutorial
We are using
There are three settings in PHP that can automatically match ' (single quote), " (double quote), (backslash) and NULL characters Transfer.
PHP calls it magic quotes. These three settings are
magic_quotes_gpc
which affects HTTP request data (GET, POST and COOKIE). The default value in PHP is on.
magic_quotes_runtime
If turned on, most functions that obtain and return data from external sources, including databases and text files, will return The data will be backslash escaped. This option can be changed at runtime. The default value in PHP is off
magic_quotes_sybase
If turned on, single quotes will be used. PHP quote escapes single quotes instead of backslashes. This option completely overrides magic_quotes_gpc. If both options are turned on, single quotes will be escaped. Double quotes, backslashes, and NULL characters will not be escaped.
Although it is convenient to implement automatic PHP quotation mark escaping of special symbols, this will reduce the efficiency of the program and make the portability of the program cumbersome. If you don't know the server ini settings, you also need to call get_magic_quotes_gpc(), get_magic_quotes_runtime() or ini_get() to detect the status.
For example:
<ol class="dp-xml"> <li class="alt"><span><span>if (!get_magic_quotes_gpc()) { </span></span></li> <li> <span>$</span><span class="attribute">lastname</span><span> = </span><span class="attribute-value">addslashes<br></span><span>($_POST['lastname']); </span> </li> <li class="alt"><span>} else { </span></li> <li> <span>$</span><span class="attribute">lastname</span><span> = $_POST['lastname']; </span> </li> <li class="alt"><span>} </span></li> </ol>
Therefore, it is best to turn off PHP’s magic quotes, and manually use addslashes(), stripslashes() to escape and cancel PHP quote escapes according to the situation. You can learn from discuz and add set_magic_quotes_runtime(0); to the configuration file to cancel escaping.