Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

How php shuts down magic_quotes_gpc

2025-04-05 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >

Share

Shulou(Shulou.com)06/02 Report--

Today, the editor will share with you the relevant knowledge points about how php shuts down magic_quotes_gpc. The content is detailed and the logic is clear. I believe most people still know too much about this knowledge, so share this article for your reference. I hope you can get something after reading this article. Let's take a look at it.

The way php closes magic_quotes_gpc: 1. Set the "magic_quotes_gpc" of php.ini to Off;2, and write "php_value magic_quotes_gpc Off" in ".htaccess".

This article operating environment: windows7 system, PHP7.1 version, DELL G3 computer

How does php shut down magic_quotes_gpc?

The influence of closing magic_quotes_gpc by PHP6 and PHP7 on the program

Before PHP5, magic_quotes_gpc is enabled by default. The role of magic_quotes_gpc is very subtle. I have been using PHP5 for many years. Magic_quotes_gpc is on and is usually unaffected. Until the Cookies of PHP is found, if there are punctuation marks like this, in Cookies, all these symbols will be escaped as\'.

After consulting a large amount of data, the solution is to set the magic_quotes_gpc of php.ini to Off, or not to change php.ini, set magic_quotes_gpc to Off in .htaccess, by writing in .htaccess:

Php_value magic_quotes_gpc Off

The php.ini of PHP6 and PHP7 does not have the option of magic_quotes_gpc, so it is actually turned off. After magic_quotes_gpc is closed, in order to enhance security, all the original $_ POST ['abc'] and $_ GET [' abc'] are best escaped with stripslashes (), for example:

$aa=stripslashes ($_ POST ['abc']); $aa=stripslashes ($_ GET [' abc'])

After PHP shuts down magic_quotes_gpc, there is a very special impact. For example, in the post form, if the message sent happens to have the backslash character\, if it is received with stripslashes ($_ POST ['abc']), all the backslash characters will be deleted. For example, in an important project, the submitted content is: W:\ ac3\ about, and the received content becomes: W:ac3about.

(for this effect, it is possible that the backslash will be deleted under the native PHP, and some servers will not.)

After testing, the solution is to remove the stripslashes and the backslash character will not be replaced, for example:

$aa=$_POST ['abc']

But this will lead to insecurity, and the solution is to put the submitted information

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Development

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report