Introduction to the usage of php get_magic_quotes_gpc() function-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

Introduction to the usage of php get_magic_quotes_gpc() function

怪我咯

May 22, 2017 am 11:21 AM

php What is the function of get_magic_quotes_gpc() function?

When I explained the difference between the php stripslashes() function and the addslashes() function earlier, I mentioned the get_magic_quotes_gpc() function, so what does this function do? This chapter will introduce some descriptions of the get_magic_quotes_gpc()

function and its related matters.

The get_magic_quotes_gpc function is used to determine whether slashes are added to the data provided by the user. This is in the php.ini configuration file. The get_magic_quotes_gpc() function is introduced in detail below.

get_magic_quotes_gpc function introduction

Get the value of the PHP environment variable magic_quotes_gpc, which is a PHP system function.

Syntax:

 long get_magic_quotes_gpc(void);

Return value: long integer

This function obtains the variable magic_quotes_gpc (GPC, Get/Post/Cookie) value. Returning 0 means turning off this function; returning 1 means turning this function on. When magic_quotes_gpc is turned on, all ' (single quotes), " (double quotes), (backslashes) and null characters will automatically be converted to overflow characters containing backslashes.

In the php configuration file There is a Boolean setting, magic_quotes_runtime. When it is turned on, most of PHP's functions automatically add backslashes to overflow characters in data imported from the outside (including databases or files). Of course, if they are given repeatedly. If you add a backslash to the overflow character, there will be multiple backslashes in the string, so you need to use set_magic_quotes_runtime() and get_magic_quotes_runtime() to set and detect the magic_quotes_runtime status in the php.ini file

. In order to make your program execute normally regardless of the server settings, you can use get_magic_quotes_runtime to detect the status of the setting at the beginning of the program to determine whether to process it manually, or use set_magic_quotes_runtime(0) at the beginning (or when automatic escaping is not required). Turn off this setting.

magic_quotes_gpc sets whether to automatically add backslashes to the '"\ in the data sent by GPC (get, post, cookie). You can use get_magic_quotes_gpc() to detect system settings. If this setting is not turned on, you can use the addslashes() function to add it. Its function is to add backslashes before certain characters when required in database query statements. These characters are single quote ('), double quote ("), backslash (\) and NUL (NULL character).

PS: Starting from PHP 5.3.0 Deprecated and removed from PHP 5.4.0. This option has been removed in PHP6, and all programming needs to be done under magic_quotes_gpc=Off. In such an environment, if the user's data is not escaped, the consequences are not only It's just a program error. The same will cause the risk of database injection attacks, so from now on, don't rely on this setting to be On, lest your server needs to be updated to PHP6 one day and your program will not work properly.

##Example

php determines whether the get_magic_quotes_gpc function is enabled, so that we can decide whether to use the addslashes function

function SQLString($c, $t){
 $c=(!get_magic_quotes_gpc())?addslashes($c):$c;
 switch($t){
  case &#39;text&#39;:
   $c=($c!=&#39;&#39;)?"&#39;".$c."&#39;":&#39;NULL&#39;;
   break;
  case &#39;search&#39;:
   $c="&#39;%%".$c."%%&#39;";
   break;
  case &#39;int&#39;:
   $c=($c!=&#39;&#39;)?intval($c):&#39;0&#39;;
   break;
 }
 return $c;
}

The correct way to use get_magic_quotes_gpc() to prevent database attacks

The code is as follows

<?php
function check_input($value)
{
// 去除斜杠
if (get_magic_quotes_gpc())
{
$value = stripslashes($value);
}
// 如果不是数字则加引号
if (!is_numeric($value))
{
$value = “‘” . mysql_real_escape_string($value) . “‘”;
}
return $value;
}
$con = mysql_connect(“localhost”, “hello”, “321″);
if (!$con)
{
die(‘Could not connect: ‘ . mysql_error());
}
// 进行安全的 SQL
$user = check_input($_POST[&#39;user&#39;]);
$pwd = check_input($_POST[&#39;pwd&#39;]);
$sql = “SELECT * FROM users WHERE
user=$user AND password=$pwd”;
mysql_query($sql);
mysql_close($con);
?>

Summary: The function of get_magic_quotes_gpc() is to get the value of the environment variable magic_quotes_gpc. Remember to delete it in PHP6. The magic_quotes_gpc option is removed, so this function no longer exists in PHP6

[Related article recommendations]:

php addslashes() function and stripslashes() function examples. Detailed explanation

Detailed explanation of the difference between php stripslashes() function and addslashes() function

The above is the detailed content of Introduction to the usage of php get_magic_quotes_gpc() function. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

What is the difference between unset() and session_destroy()?May 04, 2025 am 12:19 AM

Thedifferencebetweenunset()andsession_destroy()isthatunset()clearsspecificsessionvariableswhilekeepingthesessionactive,whereassession_destroy()terminatestheentiresession.1)Useunset()toremovespecificsessionvariableswithoutaffectingthesession'soveralls

What is sticky sessions (session affinity) in the context of load balancing?May 04, 2025 am 12:16 AM

Stickysessionsensureuserrequestsareroutedtothesameserverforsessiondataconsistency.1)SessionIdentificationassignsuserstoserversusingcookiesorURLmodifications.2)ConsistentRoutingdirectssubsequentrequeststothesameserver.3)LoadBalancingdistributesnewuser

What are the different session save handlers available in PHP?May 04, 2025 am 12:14 AM

PHPoffersvarioussessionsavehandlers:1)Files:Default,simplebutmaybottleneckonhigh-trafficsites.2)Memcached:High-performance,idealforspeed-criticalapplications.3)Redis:SimilartoMemcached,withaddedpersistence.4)Databases:Offerscontrol,usefulforintegrati

What is a session in PHP, and why are they used?May 04, 2025 am 12:12 AM

Session in PHP is a mechanism for saving user data on the server side to maintain state between multiple requests. Specifically, 1) the session is started by the session_start() function, and data is stored and read through the $_SESSION super global array; 2) the session data is stored in the server's temporary files by default, but can be optimized through database or memory storage; 3) the session can be used to realize user login status tracking and shopping cart management functions; 4) Pay attention to the secure transmission and performance optimization of the session to ensure the security and efficiency of the application.

Explain the lifecycle of a PHP session.May 04, 2025 am 12:04 AM

PHPsessionsstartwithsession_start(),whichgeneratesauniqueIDandcreatesaserverfile;theypersistacrossrequestsandcanbemanuallyendedwithsession_destroy().1)Sessionsbeginwhensession_start()iscalled,creatingauniqueIDandserverfile.2)Theycontinueasdataisloade

What is the difference between absolute and idle session timeouts?May 03, 2025 am 12:21 AM

Absolute session timeout starts at the time of session creation, while an idle session timeout starts at the time of user's no operation. Absolute session timeout is suitable for scenarios where strict control of the session life cycle is required, such as financial applications; idle session timeout is suitable for applications that want users to keep their session active for a long time, such as social media.

What steps would you take if sessions aren't working on your server?May 03, 2025 am 12:19 AM

The server session failure can be solved through the following steps: 1. Check the server configuration to ensure that the session is set correctly. 2. Verify client cookies, confirm that the browser supports it and send it correctly. 3. Check session storage services, such as Redis, to ensure that they are running normally. 4. Review the application code to ensure the correct session logic. Through these steps, conversation problems can be effectively diagnosed and repaired and user experience can be improved.

What is the significance of the session_start() function?May 03, 2025 am 12:18 AM

session_start()iscrucialinPHPformanagingusersessions.1)Itinitiatesanewsessionifnoneexists,2)resumesanexistingsession,and3)setsasessioncookieforcontinuityacrossrequests,enablingapplicationslikeuserauthenticationandpersonalizedcontent.

See all articles