Detailed usage of PHP magic_quotes_gpc

  • 2020-06-19 09:54:01
  • OfStack

PHP magic_quotes_gpc applies to data coming from the web client and takes effect at the start of the request. This article explains its use in detail.
Today we are going to introduce PHP magic_quotes_gpc. PHP has a special feature known as magic quotes, which only takes effect on data passed in through $_GET, $_POST, and $_COOKIE.

1.
Conditions: PHP magic_quotes_gpc=off
Strings written to the database are not filtered in any way. Strings read from the database are not processed either.
Data: $data = "snow''''sun"; (there are four consecutive single quotes between snow and sun)
Operation: write the string "snow''''sun" to the database.
Result: an SQL statement error occurs; MySQL cannot complete the statement and the write to the database fails.
Database save format: no data.
Output data format: no data.
Note: unprocessed single quotes cause an error in the SQL statement when it is written to the database.

2.
Conditions: PHP magic_quotes_gpc=off
The string written to the database is processed by the function addslashes(). The string read from the database is not processed.
Data: $data = "snow''''sun"; (there are four consecutive single quotes between snow and sun)
Operation: write the string "snow''''sun" to the database.
Result: the SQL statement is executed successfully and the data is written to the database.
Database save format: snow''''sun (same as the input)
Output data format: snow''''sun (same as the input)
Note: the addslashes() function converts each single quote to the escape sequence \' so that the SQL statement executes successfully,
but \' is not stored as data in the database: the database holds snow''''sun rather than snow\'\'\'\'sun as one might expect.

3.
Conditions: PHP magic_quotes_gpc=on
The string written to the database is not processed. The string read from the database is not processed.
Data: $data = "snow''''sun"; (there are four consecutive single quotes between snow and sun)
Operation: write the string "snow''''sun" to the database.
Result: the SQL statement is executed successfully and the data is written to the database.
Database save format: snow''''sun (same as the input)
Output data format: snow''''sun (same as the input)
Note: PHP magic_quotes_gpc=on converts each single quote to \' so that the SQL statement executes successfully,
but \' is not stored as data in the database: the database holds snow''''sun rather than snow\'\'\'\'sun as one might expect.

4.
Conditions: PHP magic_quotes_gpc=on
The string written to the database is processed by the function addslashes(). The string read from the database is not processed.
Data: $data = "snow''''sun"; (there are four consecutive single quotes between snow and sun)
Operation: write the string "snow''''sun" to the database.
Result: the SQL statement is executed successfully and the data is written to the database.
Database save format: snow\'\'\'\'sun (escape characters added)
Output data format: snow\'\'\'\'sun (escape characters added)
Note: PHP magic_quotes_gpc=on escapes each single quote to \' so that the SQL statement executes successfully.
addslashes() in turn escapes the single quotes that are about to be written to the database to \', and the result of this second conversion is written as data.
The database holds snow\'\'\'\'sun.

To sum up:
1. For the case of PHP magic_quotes_gpc=on,
string data going into and out of the database needs no addslashes() or stripslashes() processing, and the data will still be displayed normally.
If you have nevertheless applied addslashes() to the input data,
you must use stripslashes() on the output to remove the redundant backslashes.

2. For the case of PHP magic_quotes_gpc=off,
the input data must be processed with addslashes(), but the output does not need to be processed with stripslashes(),
because addslashes() does not write the backslashes to the database along with the data; it only helps MySQL complete the execution of the SQL statement.
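
The four cases above, modelled without a database as an added example (not code from the original article). gpc() and mysql_literal_value() are hypothetical helpers standing in for the magic_quotes_gpc setting and for MySQL's parsing of a single-quoted literal, and the constructed input contains one single quote.

```php
<?php
// magic_quotes_gpc=on applied addslashes() to GET/POST/COOKIE values.
// The setting was removed in PHP 5.4, so gpc() simulates it (hypothetical helper).
function gpc(string $raw, bool $magicQuotes): string
{
    return $magicQuotes ? addslashes($raw) : $raw;
}

// Hypothetical helper: decode the body of a single-quoted MySQL string literal
// (default sql_mode); only quote and backslash escapes are modelled. Returns the
// stored value, or null when an unescaped quote closes the literal too early.
function mysql_literal_value(string $body): ?string
{
    $out = '';
    for ($i = 0, $n = strlen($body); $i < $n; $i++) {
        $c = $body[$i];
        if ($c === '\\' && $i + 1 < $n) {
            $out .= $body[++$i];            // \' becomes ', \\ becomes \
        } elseif ($c === "'") {
            if ($i + 1 < $n && $body[$i + 1] === "'") {
                $out .= "'";                // '' is also an escaped quote
                $i++;
            } else {
                return null;                // rest of the text breaks the statement
            }
        } else {
            $out .= $c;
        }
    }
    return $out;
}

$raw = "O'Reilly";                          // constructed sample input
foreach ([false, true] as $magic) {         // cases 1-2, then cases 3-4
    foreach ([false, true] as $extra) {     // without / with addslashes()
        $value  = $extra ? addslashes(gpc($raw, $magic)) : gpc($raw, $magic);
        $stored = mysql_literal_value($value);
        if ($stored === null) {
            $result = 'SQL syntax error, nothing stored';
        } elseif ($stored === $raw) {
            $result = "stored intact: $stored";
        } else {
            $result = "stored with extra backslash: $stored, after stripslashes(): " . stripslashes($stored);
        }
        printf("magic_quotes_gpc=%-3s addslashes=%-3s => %s\n", $magic ? 'on' : 'off', $extra ? 'yes' : 'no', $result);
    }
}
```

magic_quotes_gpc was removed in PHP 5.4, so current code only sees the =off cases; binding the value through a prepared statement (PDO or mysqli) stores it intact without addslashes() or stripslashes().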

Supplement:
PHP magic_quotes_gpc scope: data from the web client. Time of effect: at the beginning of a request, for example when a script starts running.
magic_quotes_runtime scope: data read from a file, the result of executing exec(), or data from an SQL query. Time of effect: each time the script accesses data produced at run time.

