The difference, function and usage of magic_quotes_gpc and magic_quotes_runtime in PHP_PHP Tutorial

Magic quotes take effect when $_GET, $_POST, $_COOKIE is passed
1.
Condition: magic_quotes_gpc=off
The string written to the database has not been filtered in any way. The string read from the database is not processed in any way.
Data: $data="snow"''sun"; (There are four consecutive single quotes between snow and sun).
Operation: Write the string: "snow"''sun" to the database ,
Result: A sql statement error occurred, mysql could not successfully complete the sql statement, and failed to write to the database.
Database saving format: No data.
Output data format: No data.
Note: Unprocessed single quotes will cause errors in sql statements when written to the database.
2.
Condition: magic_quotes_gpc=off
The string written to the database is processed by the function addlashes(). The string read from the database is not processed in any way.
Data: $data="snow"''sun"; (There are four consecutive single quotes between snow and sun).
Operation: Write the string: "snow"''sun" to the database ,
Result: The sql statement was successfully executed and the data was successfully written into the database
Database saving format: snow”''sun (same as input)
Output data format: snow”''sun (same as input)
Note: The addslashes() function converts single quotes into 'escape characters so that the sql statement can be successfully executed.
But ' is not stored in the database as data. The database saves snow"''sun instead of We imagine snow''''sun
3.
Condition: magic_quotes_gpc=on
The string written to the database is not processed in any way. The string read from the database is not processed in any way. >Data: $data="snow"''sun"; (There are four consecutive single quotes between snow and sun).
Operation: Write the string: "snow"''sun" into the database,
Result: The sql statement was executed smoothly and the data was successfully written into the database
Database saving format: snow”''sun (same as input)
Output data format: snow”''sun (same as input)
Explanation: magic_quotes_gpc=on converts single quotes into 'escape characters so that the sql statement can be successfully executed.
But ' is not entered into the database as data. The database saves snow"''sun instead of the snow we imagined. ''''sun.
4.
Condition: magic_quotes_gpc=on
The string written to the database is processed by the function addlashes(). The string read from the database is not processed in any way.
Data: $data="snow"''sun"; (There are four consecutive single quotes between snow and sun).
Operation: Write the string: "snow"''sun" to the database ,
Result: The sql statement was successfully executed and the data was successfully written into the database
Database saving format: snow''''sun (escape characters added)
Output data format: snow''''sun ( Added escape characters)
Description: magic_quotes_gpc=on converts single quotes into 'escape characters so that the sql statement can be successfully executed.
addslashes converts single quotes about to be written into the database into ', the latter The conversion is written into the
database as data, and the database saves snow''''sun
The summary is as follows:
1. For the case of magic_quotes_gpc=on,
we can not input and output the database String data can be operated by
addslashes() and stripslashes(), and the data will be displayed normally.
If you perform addslashes() on the input data at this time,
then you must use stripslashes() to remove excess backslashes when outputting.
2. For the case of magic_quotes_gpc=off
addslashes() must be used to process the input data, but there is no need to use stripslashes() to format the output
because addslashes() does not include backslashes together Writing to the database just helps mysql complete the execution of the sql statement.
Supplementary:
magic_quotes_gpc scope is: WEB client server; action time: when the request starts, such as when the script is running.
magic_quotes_runtime scope: data read from a file or the result of executing exec() or obtained from a SQL query; action time: every time the script accesses the data generated in the running state
=== ========= The difference and usage of magic_quotes_gpc and magic_quotes_runtime =============
PHP provides two magic reference functions magic_quotes_gpc and magic_quotes_runtime that are convenient for us to quote data. If this function is set to ON in php.ini, it will automatically add backslashes for the data we quote when encountering single quotes ' and double quotes ', and backslashes, helping us automatically translate symbols and ensure data operation. It runs correctly, but under different versions of PHP or different server configurations, some magic_quotes_gpc and magic_quotes_runtime are set to on, and some are set to off, so the program we write must comply with both on and off conditions.So what is the difference between the two functions magic_quotes_gpc and magic_quotes_runtime? See the description below:
magic_quotes_gpc
Scope is: WEB client server;
Action time: The request starts, for example when the script is running.
magic_quotes_runtime
Scope: Data read from a file or the result of executing exec() or obtained from a SQL query;
Time of action: Every time the script accesses data generated in the running state ．
So
The setting value of magic_quotes_gpc will affect the data obtained through Get/Post/Cookies
The setting value of magic_quotes_runtime will affect the data read from the file or the data obtained from the database query
Example:
Copy content to clipboard
Code:

STR:

/* We fill in the form: " " These symbols, if magic_quotes_gpc is not turned on, then they will not be backslash escaped*/
echo The value passed through POST now Is: ,$_POST[str],
;

if(get_magic_quotes_gpc()) { // Check whether magic_quotes_gpc is turned on, if not, use addslashes to escape
$str = $_POST[str];
} else {
$str = addslashes($_POST[str]);
}

echo Here is the escaped version: ,$str,

---

;
$sql = "INSERT INTO lastnames (lastname) VALUES ($str)";

//================ ================================================== ====================
//-----magic_quotes_gpc will only escape: Data obtained through Get/Post/Cookies
// -----magic_quotes_runtime will escape: data read from a file or the result of executing exec() or obtained from a SQL query
//============== ================================================== ======================
$data = implode(file(try.php)); // We still write the characters " , used to test
echo Here is the data of try.php,;
if (get_magic_quotes_runtime()) {
$data = $data;
echo .$data escaped by the system itself. ;
} else {
echo escaped by addslashes.$data = addslashes($data);
}

$sql = "INSERT INTO lastnames (lastname) VALUES ($ data)";
echo
The SQL statement is:
,$sql;
//---It is escaped when entering the database, but there is an extra backslash. When we want to read the original data, use stripslashes() to remove the backslash
//---stripslashes() and addslashes() have opposite effects
?>

The most critical difference is the two points mentioned above: they target different processing objects
The setting value of magic_quotes_gpc will affect the data obtained through Get/Post/Cookies
magic_quotes_runtime The set value will affect the data read from the file or the data obtained from the database query
Here are a few related functions:
set_magic_quotes_runtime():
Set the magic_quotes_runtime value. 0 =Off.1=On. The default state is off. You can view magic_quotes_runtime through echo phpinfo();
get_magic_quotes_gpc():
View magic_quotes_gpc value.0=Off.1=On.
get_magic_quotes_runtime() :
View magic_quotes_runtime value. 0=off. 1=on.
Note that there is no set_magic_quotes_gpc() function, that is, the value of magic_quotes_gpc cannot be set in the program.