search
HomeBackend DevelopmentPHP TutorialIntroduction to the usage of php get_magic_quotes_gpc() function

php What is the function of get_magic_quotes_gpc() function?

When I explained the difference between the php stripslashes() function and the addslashes() function earlier, I mentioned the get_magic_quotes_gpc() function, so what does this function do? This chapter will introduce some descriptions of the get_magic_quotes_gpc()

function and its related matters.

The get_magic_quotes_gpc function is used to determine whether slashes are added to the data provided by the user. This is in the php.ini configuration file. The get_magic_quotes_gpc() function is introduced in detail below.

get_magic_quotes_gpc function introduction

Get the value of the PHP environment variable magic_quotes_gpc, which is a PHP system function.

Syntax:

 long get_magic_quotes_gpc(void);

Return value: long integer

This function obtains the variable magic_quotes_gpc (GPC, Get/Post/Cookie) value. Returning 0 means turning off this function; returning 1 means turning this function on. When magic_quotes_gpc is turned on, all ' (single quotes), " (double quotes), (backslashes) and null characters will automatically be converted to overflow characters containing backslashes.

In the php configuration file There is a Boolean setting, magic_quotes_runtime. When it is turned on, most of PHP's functions automatically add backslashes to overflow characters in data imported from the outside (including databases or files). Of course, if they are given repeatedly. If you add a backslash to the overflow character, there will be multiple backslashes in the string, so you need to use set_magic_quotes_runtime() and get_magic_quotes_runtime() to set and detect the magic_quotes_runtime status in the php.ini file

. In order to make your program execute normally regardless of the server settings, you can use get_magic_quotes_runtime to detect the status of the setting at the beginning of the program to determine whether to process it manually, or use set_magic_quotes_runtime(0) at the beginning (or when automatic escaping is not required). Turn off this setting.

magic_quotes_gpc sets whether to automatically add backslashes to the '"\ in the data sent by GPC (get, post, cookie). You can use get_magic_quotes_gpc() to detect system settings. If this setting is not turned on, you can use the addslashes() function to add it. Its function is to add backslashes before certain characters when required in database query statements. These characters are single quote ('), double quote ("), backslash (\) and NUL (NULL character).

PS: Starting from PHP 5.3.0 Deprecated and removed from PHP 5.4.0. This option has been removed in PHP6, and all programming needs to be done under magic_quotes_gpc=Off. In such an environment, if the user's data is not escaped, the consequences are not only It's just a program error. The same will cause the risk of database injection attacks, so from now on, don't rely on this setting to be On, lest your server needs to be updated to PHP6 one day and your program will not work properly.

##Example

php determines whether the get_magic_quotes_gpc function is enabled, so that we can decide whether to use the addslashes function

.

function SQLString($c, $t){
 $c=(!get_magic_quotes_gpc())?addslashes($c):$c;
 switch($t){
  case 'text':
   $c=($c!='')?"'".$c."'":'NULL';
   break;
  case 'search':
   $c="'%%".$c."%%'";
   break;
  case 'int':
   $c=($c!='')?intval($c):'0';
   break;
 }
 return $c;
}

The correct way to use get_magic_quotes_gpc() to prevent database attacks

The code is as follows

<?php
function check_input($value)
{
// 去除斜杠
if (get_magic_quotes_gpc())
{
$value = stripslashes($value);
}
// 如果不是数字则加引号
if (!is_numeric($value))
{
$value = “‘” . mysql_real_escape_string($value) . “‘”;
}
return $value;
}
$con = mysql_connect(“localhost”, “hello”, “321″);
if (!$con)
{
die(‘Could not connect: ‘ . mysql_error());
}
// 进行安全的 SQL
$user = check_input($_POST[&#39;user&#39;]);
$pwd = check_input($_POST[&#39;pwd&#39;]);
$sql = “SELECT * FROM users WHERE
user=$user AND password=$pwd”;
mysql_query($sql);
mysql_close($con);
?>

Summary: The function of get_magic_quotes_gpc() is to get the value of the environment variable magic_quotes_gpc. Remember to delete it in PHP6. The magic_quotes_gpc option is removed, so this function no longer exists in PHP6

[Related article recommendations]:

1.

php addslashes() function and stripslashes() function examples. Detailed explanation

2.

Detailed explanation of the difference between php stripslashes() function and addslashes() function

The above is the detailed content of Introduction to the usage of php get_magic_quotes_gpc() function. For more information, please follow other related articles on the PHP Chinese website!

Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
php怎么把负数转为正整数php怎么把负数转为正整数Apr 19, 2022 pm 08:59 PM

php把负数转为正整数的方法:1、使用abs()函数将负数转为正数,使用intval()函数对正数取整,转为正整数,语法“intval(abs($number))”;2、利用“~”位运算符将负数取反加一,语法“~$number + 1”。

php怎么实现几秒后执行一个函数php怎么实现几秒后执行一个函数Apr 24, 2022 pm 01:12 PM

实现方法:1、使用“sleep(延迟秒数)”语句,可延迟执行函数若干秒;2、使用“time_nanosleep(延迟秒数,延迟纳秒数)”语句,可延迟执行函数若干秒和纳秒;3、使用“time_sleep_until(time()+7)”语句。

php字符串有没有下标php字符串有没有下标Apr 24, 2022 am 11:49 AM

php字符串有下标。在PHP中,下标不仅可以应用于数组和对象,还可应用于字符串,利用字符串的下标和中括号“[]”可以访问指定索引位置的字符,并对该字符进行读写,语法“字符串名[下标值]”;字符串的下标值(索引值)只能是整数类型,起始值为0。

php怎么除以100保留两位小数php怎么除以100保留两位小数Apr 22, 2022 pm 06:23 PM

php除以100保留两位小数的方法:1、利用“/”运算符进行除法运算,语法“数值 / 100”;2、使用“number_format(除法结果, 2)”或“sprintf("%.2f",除法结果)”语句进行四舍五入的处理值,并保留两位小数。

php怎么根据年月日判断是一年的第几天php怎么根据年月日判断是一年的第几天Apr 22, 2022 pm 05:02 PM

判断方法:1、使用“strtotime("年-月-日")”语句将给定的年月日转换为时间戳格式;2、用“date("z",时间戳)+1”语句计算指定时间戳是一年的第几天。date()返回的天数是从0开始计算的,因此真实天数需要在此基础上加1。

php怎么读取字符串后几个字符php怎么读取字符串后几个字符Apr 22, 2022 pm 08:31 PM

在php中,可以使用substr()函数来读取字符串后几个字符,只需要将该函数的第二个参数设置为负值,第三个参数省略即可;语法为“substr(字符串,-n)”,表示读取从字符串结尾处向前数第n个字符开始,直到字符串结尾的全部字符。

php怎么替换nbsp空格符php怎么替换nbsp空格符Apr 24, 2022 pm 02:55 PM

方法:1、用“str_replace("&nbsp;","其他字符",$str)”语句,可将nbsp符替换为其他字符;2、用“preg_replace("/(\s|\&nbsp\;||\xc2\xa0)/","其他字符",$str)”语句。

php怎么查找字符串是第几位php怎么查找字符串是第几位Apr 22, 2022 pm 06:48 PM

查找方法:1、用strpos(),语法“strpos("字符串值","查找子串")+1”;2、用stripos(),语法“strpos("字符串值","查找子串")+1”。因为字符串是从0开始计数的,因此两个函数获取的位置需要进行加1处理。

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
2 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
R.E.P.O. Best Graphic Settings
2 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
R.E.P.O. How to Fix Audio if You Can't Hear Anyone
3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

SAP NetWeaver Server Adapter for Eclipse

SAP NetWeaver Server Adapter for Eclipse

Integrate Eclipse with SAP NetWeaver application server.

Dreamweaver Mac version

Dreamweaver Mac version

Visual web development tools

SecLists

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.

SublimeText3 Linux new version

SublimeText3 Linux new version

SublimeText3 Linux latest version

EditPlus Chinese cracked version

EditPlus Chinese cracked version

Small size, syntax highlighting, does not support code prompt function