Home > Backend Development > PHP Tutorial > Introduction to the usage of php get_magic_quotes_gpc function

Introduction to the usage of php get_magic_quotes_gpc function

WBOY
Release: 2016-07-29 09:01:30
Original
937 people have browsed it

Reprinted from: Click to open the link

The role of the magic_quotes_gpc function in PHP is to determine and parse the data prompted by the user, such as: post, get, cookie data, add the escape character "" to ensure that these data will not Cause fatal errors in programs, especially database statements due to contamination caused by special characters

In the case of magic_quotes_gpc=On, if the input data contains characters such as

single quotation marks ('), double quotation marks ("), backslash () and NUL (NULL character), they will be added with backslashes. These characters Escape is necessary. If this option is off, then we must call the addslashes function to add escape to the string.

It is precisely because this option must be On, but it also allows users to configure the contradiction, in PHP6 This option has been deleted, and all programming needs to be performed under magic_quotes_gpc=Off. In such an environment, if the user's data is not escaped, the consequences will not only be program errors, but also cause database injection attacks. Danger. So from now on, don’t rely on this setting to be On, lest your server needs to be updated to PHP6 one day and your program will not work properly.


When magic_quotes_gpc=On, The function get_magic_quotes_gpc() will return 1

When magic_quotes_gpc=Off, the function get_magic_quotes_gpc() will return 0


So it can be seen that the function of this get_magic_quotes_gpc() function is to get the value of the environment variable magic_quotes_gpc. The magic_quotes_gpc option was deleted in PHP6, so I think this function no longer exists in PHP6.


php determines whether the get_magic_quotes_gpc function is enabled to facilitate whether we decide to use the addslashes function.

function SQLString($c, $t){
 $c=(!get_magic_quotes_gpc())?addslashes($c):$c;
 switch($t){
  case 'text':
   $c=($c!='')?"'".$c."'":'NULL';
   break;
  case 'search':
   $c="'%%".$c."%%'";
   break;
  case 'int':
   $c=($c!='')?intval($c):'0';
   break;
 }
 return $c;
}
Copy after login

The correct way to prevent database attacks

function check_input($value)
{
// 去除斜杠
if (get_magic_quotes_gpc())
{
$value = stripslashes($value);
}
// 如果不是数字则加引号
if (!is_numeric($value))
{
$value = “‘” . mysql_real_escape_string($value) . “‘”;
}
return $value;
}
$con = mysql_connect(“localhost”, “hello”, “321″);
if (!$con)
{
die(‘Could not connect: ‘ . mysql_error());
}
// 进行安全的 SQL
$user = check_input($_POST['user']);
$pwd = check_input($_POST['pwd']);
$sql = “SELECT * FROM users WHERE
user=$user AND password=$pwd”;
mysql_query($sql);
mysql_close($con);
?>
Copy after login


The above has introduced the usage of the php get_magic_quotes_gpc function, including the relevant content. I hope it will be helpful to friends who are interested in PHP tutorials.


Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template