Introduction to the usage of php get_magic_quotes_gpc() function

php What is the function of get_magic_quotes_gpc() function?

When I explained the difference between the php stripslashes() function and the addslashes() function earlier, I mentioned the get_magic_quotes_gpc() function, so what does this function do? This chapter will introduce some descriptions of the get_magic_quotes_gpc()

function and its related matters.

The get_magic_quotes_gpc function is used to determine whether slashes are added to the data provided by the user. This is in the php.ini configuration file. The get_magic_quotes_gpc() function is introduced in detail below.

get_magic_quotes_gpc function introduction

Get the value of the PHP environment variable magic_quotes_gpc, which is a PHP system function.

Syntax:

 long get_magic_quotes_gpc(void);

Return value: long integer

This function obtains the variable magic_quotes_gpc (GPC, Get/Post/Cookie) value. Returning 0 means turning off this function; returning 1 means turning this function on. When magic_quotes_gpc is turned on, all ' (single quotes), " (double quotes), (backslashes) and null characters will automatically be converted to overflow characters containing backslashes.

In the php configuration file There is a Boolean setting, magic_quotes_runtime. When it is turned on, most of PHP's functions automatically add backslashes to overflow characters in data imported from the outside (including databases or files). Of course, if they are given repeatedly. If you add a backslash to the overflow character, there will be multiple backslashes in the string, so you need to use set_magic_quotes_runtime() and get_magic_quotes_runtime() to set and detect the magic_quotes_runtime status in the php.ini file

. In order to make your program execute normally regardless of the server settings, you can use get_magic_quotes_runtime to detect the status of the setting at the beginning of the program to determine whether to process it manually, or use set_magic_quotes_runtime(0) at the beginning (or when automatic escaping is not required). Turn off this setting.

magic_quotes_gpc sets whether to automatically add backslashes to the '"\ in the data sent by GPC (get, post, cookie). You can use get_magic_quotes_gpc() to detect system settings. If this setting is not turned on, you can use the addslashes() function to add it. Its function is to add backslashes before certain characters when required in database query statements. These characters are single quote ('), double quote ("), backslash (\) and NUL (NULL character).

PS: Starting from PHP 5.3.0 Deprecated and removed from PHP 5.4.0. This option has been removed in PHP6, and all programming needs to be done under magic_quotes_gpc=Off. In such an environment, if the user's data is not escaped, the consequences are not only It's just a program error. The same will cause the risk of database injection attacks, so from now on, don't rely on this setting to be On, lest your server needs to be updated to PHP6 one day and your program will not work properly.

##Example

.

function SQLString($c, $t){
 $c=(!get_magic_quotes_gpc())?addslashes($c):$c;
 switch($t){
  case 'text':
   $c=($c!='')?"'".$c."'":'NULL';
   break;
  case 'search':
   $c="'%%".$c."%%'";
   break;
  case 'int':
   $c=($c!='')?intval($c):'0';
   break;
 }
 return $c;
}

<?php
function check_input($value)
{
// 去除斜杠
if (get_magic_quotes_gpc())
{
$value = stripslashes($value);
}
// 如果不是数字则加引号
if (!is_numeric($value))
{
$value = “‘” . mysql_real_escape_string($value) . “‘”;
}
return $value;
}
$con = mysql_connect(“localhost”, “hello”, “321″);
if (!$con)
{
die(‘Could not connect: ‘ . mysql_error());
}
// 进行安全的 SQL
$user = check_input($_POST[&#39;user&#39;]);
$pwd = check_input($_POST[&#39;pwd&#39;]);
$sql = “SELECT * FROM users WHERE
user=$user AND password=$pwd”;
mysql_query($sql);
mysql_close($con);
?>

php addslashes() function and stripslashes() function examples. Detailed explanation

Detailed explanation of the difference between php stripslashes() function and addslashes() function

The above is the detailed content of Introduction to the usage of php get_magic_quotes_gpc() function. For more information, please follow other related articles on the PHP Chinese website!