PHP escaping explained in detail

  • 2020-07-21 07:18:41
  • OfStack

Magic quotes for data in PHP: the magic_quotes_gpc and magic_quotes_runtime settings

When set to on, PHP automatically adds a backslash whenever the affected data contains a single quote, a double quote, or a backslash (\). This escapes those characters for us so that operations on the data run correctly.
Differences between the two:

magic_quotes_gpc
Scope: data sent from the web client to the server;
Action time: when the request starts, for example when the script begins running.

magic_quotes_runtime
Scope: data read from a file or the result of executing exec() or from an SQL query;
Action time: each time the script accesses data generated at run time.

It can be seen that:
The value of magic_quotes_gpc affects data obtained through GET/POST/cookies.
The value of magic_quotes_runtime affects data read from a file or retrieved from a database query.

Several related functions:
set_magic_quotes_runtime():
Sets the magic_quotes_runtime value. 0 = off, 1 = on. Check the magic_quotes_runtime
get_magic_quotes_gpc():
Returns the magic_quotes_gpc value. 0 = off, 1 = on.
get_magic_quotes_runtime():
Returns the magic_quotes_runtime value. 0 = off, 1 = on.
Note that there is no set_magic_quotes_gpc(); that is, you cannot set the value of magic_quotes_gpc from within the program.

Because there are two settings, their values can cause confusion or an extra round of escaping. To avoid this, either check and set them at the beginning of the program, or turn both values off in the default configuration and do the escaping in the program itself.

addslashes is usually used to make sure that data is inserted correctly, and stripslashes is used to remove the backslashes when the data is read back out.

Similar character-conversion functions in PHP:
addslashes() adds a backslash before the predefined characters
stripslashes() removes backslashes added by the addslashes() function
htmlspecialchars() converts some predefined characters to HTML entities
htmlspecialchars_decode() converts some predefined HTML entities back to characters
html_entity_decode() converts HTML entities to characters
htmlentities() converts characters to HTML entities
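
The approach described above (check once at the start of the program, then do the escaping in code), as an added example that is not from the original article. `undo_magic_quotes()` is a hypothetical helper, the input string is constructed, and the database step assumes the pdo_sqlite extension. The magic_quotes settings were removed in PHP 5.4 and `get_magic_quotes_gpc()` in PHP 8.0, so the call is guarded.

```php
<?php
// Added example; undo_magic_quotes() is a hypothetical helper name.

// Recursively remove the backslashes that magic_quotes_gpc added.
function undo_magic_quotes($value)
{
    return is_array($value)
        ? array_map('undo_magic_quotes', $value)
        : stripslashes($value);
}

// Run once at the start of the program. The function is gone in PHP 8.0,
// so check that it exists before calling it.
if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
    $_GET    = undo_magic_quotes($_GET);
    $_POST   = undo_magic_quotes($_POST);
    $_COOKIE = undo_magic_quotes($_COOKIE);
}

// Constructed input standing in for a form field.
$raw = "O'Reilly <b>";

// Simulate what the script receives when magic_quotes_gpc is on.
$received = addslashes($raw);

// The "one more escape" case: escaping data that is already escaped.
$double = addslashes($received);
echo "received: $received\n";
echo "double:   $double\n";

// Normalize, then escape for each destination separately.
$clean = undo_magic_quotes($received);
var_dump($clean === $raw);

// HTML output: entity-encode, quotes included.
echo htmlspecialchars($clean, ENT_QUOTES, 'UTF-8'), "\n";

// SQL: bind the value as a parameter (assumes the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT)');
$pdo->prepare('INSERT INTO users (name) VALUES (?)')->execute([$clean]);

// The stored value comes back unchanged, with no stripslashes() on read.
$stored = $pdo->query('SELECT name FROM users')->fetchColumn();
var_dump($stored === $raw);
```

Binding the value as a parameter stores it exactly as entered, so nothing has to be stripped when it is read back.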

