Home>

The server space provided by the general space provider defaults the PHP command magic_quotes_gpc to be on, that is, it is turned on.We usually use the stripslashes () function to remove automatically added backslashes.

Recently I found out that as long as the content of a PHP program form data submission is written into the database, as long as it is content with single or double quotesA backslash will be added at the end.And every time you save a backslash,Very depressed.

So I searched the Internet for the original php program to prevent injection or overflow.The PHP directive magic_quotes_gpc automatically adds backslashes in front of double quotes, single quotes, backslashes, and null.

The default php directive magic_quotes_gpc is on, that is, it is turned on.At this point, you can use the stripslashes () function to remove the automatically added backslash.The usage is:For example, if the variable containing the string is $str, then use the stripslashes () function to process the string:stripslashes ($str), and the output will be stripped of the backslash.

So I used the stripslashes () function to read the contents of the string.That is, $value=stripslashes ($str), and then save it.

But another problem arose,That's because the local PHP directive magic_quotes_gpc is off. If you use this function,Will remove the normal backslash.This is not what we want.

The solution is to useFunction get_magic_quotes_gpc () to detect,If it is open,Then remove the backslash,If it is closed,The backslash is not removed.

The program code is as follows:

$str=$_ post ["str"];//Read the contents of str and assign them to the $str variable
if (get_magic_quotes_gpc ()) //If get_magic_quotes_gpc () is on
{$str=stripslashes ($str);//Process the string
}

Here are three ways to solve this problem:

Method 1:Modify the php configuration file php.ini

This method is only suitable if you have the right to manage the server.If you use virtual space,Then only the last two methods can be used.

Set magic_quotes_gpc, magic_quotes_runtime, and magic_quotes_sybase to all off in the php configuration file php.ini. As follows:

magic_quotes_gpc=off

magic_quotes_runtime=off

magic_quotes_sybase=off

Method 2:Use .htaccess file

This method only works if the server supports htaccess.Currently supported by servers

Under the program directory.Add the following sentence to the htaccess file:

php_flag magic_quotes_gpc off

Method 3:Mask in code

This method is the most portable,Regardless of server configuration,You can use it as long as it supports php.

Add the following code at the beginning of all php files

if (get_magic_quotes_gpc ()) {
   function stripslashes_deep ($value) {
     $value=is_array ($value)?array_map ("stripslashes_deep", $value):stripslashes ($value);
     return $value;
   }
   $_post=array_map ("stripslashes_deep", $_ post);
   $_get=array_map ("stripslashes_deep", $_ get);
   $_cookie=array_map ("stripslashes_deep", $_ cookie);
   $_request=array_map ("stripslashes_deep", $_ request);
 }

The above introduction is the reason why this article introduces the php form to automatically add a backslash before the quotes and three ways to close PHP magic quotes.Hope you like it.

php
  • Previous Explain in detail the operation of JavaScript on Date objects (generate an array with a countdown of 7 days)
  • Next Simple Web voting program code implemented by JSP