Shulou(Shulou.com)06/03 Report--

How to understand the true meaning of PHP escape, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain for you in detail, people with this need can come to learn, I hope you can gain something.

How to correctly understand the escape of PHP is a perplexing problem for beginners. We briefly describe the specific meaning of PHP escape for you today, hoping to be helpful. PHP escape has been bothering me. Today, I carefully read the PHP manual and finally solved it.

There is a "Magic quotation mark" switch by default in PHP. If this switch is turned on, $_ GET, $_ GET, and $COOKIE transferred from the outside will be PHP escaped.

For example:

Http://localhost/test.PHP?test=1'

Then escape automatically on test.PHP output, as shown below:

Var_dump ($_ GET ['test']

= output=

String (3) "1\'"

The 'shown' has been added and escaped. But there is a problem. When you output this value to a web page, you will see a full screen of\. Here you can use another function, stripslashes can remove\.

The escape of PHP in the manual means that it is recommended not to open "magic quotation marks" because of efficiency, no, it also has the advantage of being very safe for a novice like me.

There are three ways to close magic quotes, because this cannot be closed by PHP, that is, you cannot use ini_set ().

1. Set the PHP.ini.

Magic_quotes_gpc = Off

Magic_quotes_runtime = Off

Magic_quotes_sybase = Off

two。 If you cannot modify the system, you can use .htaccess

PHP_flag magic_quotes_gpc Off

3. PHP escape method of efficiency *

If (get_magic_quotes_gpc ()) {function stripslashes_deep ($value) {$value = is_array ($value)? Array_map ('stripslashes_deep', $value): stripslashes ($value); return $value;} $_ POST = array_map (' stripslashes_deep', $_ POST); $_ GET = array_map ('stripslashes_deep', $_ GET); $_ COOKIE = array_map (' stripslashes_deep', $_ COOKIE);}? >

I would also like to mention a treatment for% when there is LIKE in SQL statements, because addslashes does not escape% _, and these two characters do not need to be escaped in other SQL statements, so I have made up a function like_esc ($value), which is used only when there is a LIKE statement.

For the output to the web page, use stripslashes to\ and escape with htmlspecialchars.

I now have a lazy PHP escape method that also escapes all transfers.

If (! get_magic_quotes_gpc ()) {function addslashes_deep ($value) {$value = is_array ($value)? Array_map ('addslashes_deep', $value): addslashes ($value); return $value;} $_ POST = array_map (' addslashes_deep', $_ POST); $_ GET = array_map ('addslashes_deep', $_ GET); $_ COOKIE = array_map (' addslashes_deep', $_ COOKIE);} is it helpful for you to read the above? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.