Home >Backend Development >PHP Tutorial >Differences and usage introduction based on magic_quotes_gpc and magic_quotes_runtime_PHP tutorial
Differences and usage introduction based on magic_quotes_gpc and magic_quotes_runtime_PHP tutorial
- WBOYOriginal
- 2016-07-21 15:11:45829browse
It is very useful when there are some characters like " " '
in your data that you want to write into the database and do not want to be filtered out. It will be automatically added in front of these characters, such as
China's Big Land and Natural Resources "Haha"
China\Big Land and Natural Resources "Haha"
can be turned off using set_magic_quotes_runtime(0). Of course, you can also set it directly in php.ini
get_magic_quotes_runtime() to obtain the PHP environment variable. The value of magic_quotes_runtime.
magic_quotes_gpc is on, which mainly automatically runs addslashes() on all GET, POST and COOKIE data. Do not use addslashes() on strings that have been escaped by magic_quotes_gpc, because this Will result in double-level escaping. When encountering this situation, you can use the function get_magic_quotes_gpc() to detect the difference between the two.
set_magic_quotes_runtime() allows programmers to dynamically turn on or off magic_quotes_runtime in code,
set_magic_quotes_runtime(1) means turning it on, and set_magic_quotes_runtime(0) means turning it off. When set_magic_quotes_runtime(1) is used, the text read from the database or through functions such as fread will automatically escape ' " and backslashes to prevent overflow. This is when transferring data from the database Very useful. But in general, it should be turned off, otherwise single quotes, double quotes and backslashes will be added to the data read from the database, causing abnormal display in public files. Add the sentence set_magic_quotes_runtime(0); to the header to force close magic_quotes_runtime
magic_quotes_gpc
Time of action: The request starts, for example, when the script is running.
magic_quotes_runtime
Time of action: Every time the script accesses data generated in the running state.
So
The setting value of magic_quotes_runtime will affect the data read from the file or the data obtained from the database query,
magic_quotes_gpc escapes the data passed through GET, POST, and COOKIE. Generally, it must be escaped before the data is stored in the database.magic_quotes_gpc cannot be dynamically turned on or off in the code. You need to set magic_quotes_gpc to php.ini. on or off,
You can use get_magic_quotes_gpc to get the status of magic_quotes_gpc in the code.
When magic_quotes_gpc is off, you need to manually addlashes the data. The code is as follows:
Copy the code
new_addslashes($_COOKIE);
}
function new_addslashes($ string) {
if (is_array($string)) {
foreach ($string as $key => $value) {
$string[$key] = new_addslashes($value);
>
Copy code
The code is as follows:
$data1 = $_POST['aaa'];
$data2 = implode(file ('1.txt'));
if (get_magic_quotes_gpc()) {
//Write the data $data1 directly into the database
// The data read from the database will be output after stripslashes() once
} else {
$data2 = addslashes($data2);
//Write the data $data2 into the database
//From The data read from the database is directly output
}
++++++++++++++++++++++++++++++++++++++++++++ +++++++
Experience summary:
1. For GPC, regardless of whether magic_quotes_gpc is turned on in the system (that is, magic_quotes_gpc = On in php.ini), we turn on magic_quotes_gpc uniformly and escape the contents of get, post, and cookie. . The operation is as follows:
(extracted from uchome system)
function saddslashes($string) {
if (is_array($string)) {
foreach ($string as $key => $val) {
$string[$key] = saddslashes($val);
}
} else {
);
if(empty($magic_quote)) {
$_GET = saddslashes($_GET);
$_POST = saddslashes($_POST);
}
// COOKIE, escape the cookie value
$prelength = strlen($_SC['cookiepre']);
foreach ($_COOKIE as $key => $val) {
if(substr($key , 0, $prelength) == $_SC['cookiepre']) {
$_SCOOKIE[(substr($key, $prelength))] = empty($magic_quote) ? saddslashes($val) : $val;
}
}
2. For magic_quotes_runtime, we turn it off uniformly, that is, set_magic_quotes_runtime(0); do not allow single quotes, double quotes and inverse quotes of data read from the database Slashes are added automatically. In this way, the operations on the database are as follows: before adding data to the database, we manually perform addslashes() on the data, and when fetching data from the database, the opposite operation is performed, that is, stripslashes().
3. For the content to be serialized, keep the bare data, that is, remove the escape, stripslashes(), and then save the serialized content to the database (note that the serialized content Without single quotes ('), double quotes ("), or backslashes ()), the example is as follows:
$feedarr['body_data'] = serialize(stripslashes($body_data));
Is there a problem with Function set_magic_quotes_runtime() is deprecated?
Deprecated: Function set_magic_quotes_runtime() is deprecated error occurred when installing PHPCMS. I checked the network and information and found that the set_magic_quotes_runtime() function was removed after PHP5.3 and PHP6.0. I can use the following alternative:
view sourceprint?
@set_magic_quotes_runtime(0);
or
ini_set("magic_quotes_runtime", 0);
view sourceprint?
if (phpversion() < '5.3.0') {
set_magic_quotes_runtime(0);
http://www.bkjia.com/PHPjc/326823.html
true