{"id":1012,"date":"2009-12-06T13:12:00","date_gmt":"2009-12-06T05:12:00","guid":{"rendered":"\/?p=1012"},"modified":"2009-12-06T13:12:00","modified_gmt":"2009-12-06T13:12:00","slug":"1012","status":"publish","type":"post","link":"https:\/\/blog.vimge.com\/archives\/php\/1012.html","title":{"rendered":"Some notes on magic_quotes_gpc"},"content":{"rendered":"

       Recently I ran into something rather frustrating: two attempts to install software on the server both failed. The problem was roughly in the data initialization, and I guessed it was probably down to how single and double quotes were handled, but I simply could not remember which parameter to configure, so I found this blog post...<\/p>\n

      For better compatibility, the program involved magic_quotes_gpc, so I read the manual, looked up some more material, analysed it, and am sharing it with everyone.<\/p>\n

blankyao says: “Learning is a process of constantly discovering mistakes and constantly correcting them”;<\/p>\n

For more articles, visit blankyao.cn
Let's first see what the manual says!<\/p>\n

For most people, reading the first two paragraphs is enough.<\/p>\n

Magic Quotes<\/p>\n

Magic Quotes is a process that automagically escapes incoming data to the PHP script. It's preferred to code with magic quotes off and to instead escape the data at runtime, as needed.<\/p>\n

What are Magic Quotes<\/p>\n

When on, all ' (single-quote), " (double quote), \\ (backslash) and NULL characters are escaped with a backslash automatically. This is identical to what addslashes() does.<\/p>\n

There are three magic quote directives:<\/p>\n

magic_quotes_gpc<\/p>\n

Affects HTTP Request data (GET, POST, and COOKIE). Cannot be set at runtime, and defaults to on in PHP.<\/p>\n

magic_quotes_runtime<\/p>\n

If enabled, most functions that return data from an external source, including databases and text files, will have quotes escaped with a backslash. Can be set at runtime, and defaults to off in PHP.<\/p>\n

magic_quotes_sybase<\/p>\n

If enabled, a single-quote is escaped with a single-quote instead of a backslash. If on, it completely overrides magic_quotes_gpc. Having both directives enabled means only single quotes are escaped as ''. Double quotes, backslashes and NULLs will remain untouched and unescaped.<\/p>\n

Why use Magic Quotes<\/p>\n<\/p>\n

1. Useful for beginners
  
Magic quotes are implemented in PHP to help code written by beginners from being dangerous. Although SQL Injection is still possible with magic quotes on, the risk is reduced.    
  
2. Convenience
  
For inserting data into a database, magic quotes essentially runs addslashes() on all Get, Post, and Cookie data, and does so automagically.    
  <\/p>\n

Why not to use Magic Quotes<\/p>\n<\/p>\n

1. Portability<\/p>\n

Assuming it to be on, or off, affects portability. Use get_magic_quotes_gpc() to check for this, and code accordingly.<\/p>\n

2. Performance<\/p>\n

Because not every piece of escaped data is inserted into a database, there is a performance loss for escaping all this data. Simply calling on the escaping functions (like addslashes()) at runtime is more efficient.    
  
Although php.ini-dist enables these directives by default, php.ini-recommended disables it. This recommendation is mainly due to performance reasons.<\/p>\n

3. Inconvenience<\/p>\n

Because not all data needs escaping, it’s often annoying to see escaped data where it shouldn’t be. For example, emailing from a form, and seeing a bunch of \\' within the email. To fix, this may require excessive use of stripslashes().<\/p>\n

This English really demands plenty of patience from people like me (not that I am patient, my English is just poor). As I said, for most people reading only the first two paragraphs is enough, especially the words I marked in red!!!<\/p>\n

Also, note in particular that magic quotes take effect when $_GET, $_POST and $_COOKIE are passed in.<\/p>\n

Below are the test cases.<\/p>\n

1.
Condition: magic_quotes_gpc=off
The string written to the database is not filtered in any way. The string read from the database is not processed either.<\/p>\n

Data: $data="snow''''sun"; (there are four consecutive single quotes between snow and sun).<\/p>\n

Operation: write the string "snow''''sun" to the database.<\/p>\n

Result: an SQL statement error occurs; MySQL cannot complete the SQL statement and the write to the database fails.<\/p>\n

Format stored in the database: no data.<\/p>\n

Output data format: no data.<\/p>\n

Explanation: an unprocessed single quote causes an SQL statement error when it is written to the database.<\/p>\n


2.
Condition: magic_quotes_gpc=off
The string written to the database is processed with addslashes(). The string read from the database is not processed.<\/p>\n

Data: $data="snow''''sun"; (there are four consecutive single quotes between snow and sun).<\/p>\n

Operation: write the string "snow''''sun" to the database.<\/p>\n

Result: the SQL statement executes successfully and the data is written to the database.<\/p>\n

Format stored in the database: snow''''sun (same as the input)<\/p>\n

Output data format: snow''''sun (same as the input)<\/p>\n

Explanation: addslashes() converts each single quote into the escape sequence \\' so that the SQL statement executes successfully,
but the \\' is not stored in the database as data; the database holds snow''''sun, not the snow\\'\\'\\'\\'sun we might have imagined.<\/p>\n<\/p>\n

3.
Condition: magic_quotes_gpc=on
The string written to the database is not processed in any way. The string read from the database is not processed.<\/p>\n

Data: $data="snow''''sun"; (there are four consecutive single quotes between snow and sun).<\/p>\n

Operation: write the string "snow''''sun" to the database.<\/p>\n

Result: the SQL statement executes successfully and the data is written to the database.<\/p>\n

Format stored in the database: snow''''sun (same as the input)<\/p>\n

Output data format: snow''''sun (same as the input)<\/p>\n

Explanation: magic_quotes_gpc=on converts each single quote into the escape sequence \\' so that the SQL statement executes successfully,
but the \\' is not stored in the database as data; the database holds snow''''sun, not the snow\\'\\'\\'\\'sun we might have imagined.<\/p>\n<\/p>\n

4.
Condition: magic_quotes_gpc=on
The string written to the database is processed with addslashes(). The string read from the database is not processed.<\/p>\n

Data: $data="snow''''sun"; (there are four consecutive single quotes between snow and sun).<\/p>\n

Operation: write the string "snow''''sun" to the database.<\/p>\n

Result: the SQL statement executes successfully and the data is written to the database.<\/p>\n

Format stored in the database: snow\\'\\'\\'\\'sun (escape characters added)<\/p>\n

Output data format: snow\\'\\'\\'\\'sun (escape characters added)<\/p>\n

Explanation: magic_quotes_gpc=on converts each single quote into the escape sequence \\' so that the SQL statement executes successfully;
addslashes() then converts the single quotes about to be written to the database into \\' again, and this second conversion is written to the
database as data, so the database holds snow\\'\\'\\'\\'sun.<\/p>\n

Summary:<\/strong><\/p>\n

1. When magic_quotes_gpc=on:<\/strong><\/p>\n

We do not need to apply addslashes() and stripslashes() to string data going into and out of the database;
the data will still display correctly.<\/p>\n

If you do apply addslashes() to the input data in this case,
you must use stripslashes() on output to remove the extra backslashes.<\/p>\n

2. When magic_quotes_gpc=off:<\/strong><\/p>\n

You must process input data with addslashes(), but you do not need stripslashes() to format the output,
because addslashes() does not write the backslashes into the database; it only helps MySQL complete the execution of the SQL statement.<\/p>\n

Addendum:<\/strong><\/p>\n

magic_quotes_gpc scope: the web client/server side; when it applies: at the start of the request, for example when the script runs.
magic_quotes_runtime scope: data read from files, the results of exec(), or data obtained from SQL queries; when it applies: every time the script accesses data produced at run time.<\/p>\n

Original article: <\/strong>http:\/\/www.phpfans.net\/bbs\/viewthread.php?tid=6860&page=1&extra=page%3D1<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

       Recently I ran into something rather frustrating: two attempts to install software on the server both failed. The problem was roughly in the data initialization, and I guessed it was probably down to how single and double quotes were handled, but I simply could not remember which parameter to configure, so I found this blog post...<\/p>\n

      For better compatibility, the program involved magic_quotes_gpc, so I read the manual, looked up some more material, analysed it, and am sharing it with everyone.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[9],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.vimge.com\/wp-json\/wp\/v2\/posts\/1012"}],"collection":[{"href":"https:\/\/blog.vimge.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.vimge.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.vimge.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.vimge.com\/wp-json\/wp\/v2\/comments?post=1012"}],"version-history":[{"count":0,"href":"https:\/\/blog.vimge.com\/wp-json\/wp\/v2\/posts\/1012\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.vimge.com\/wp-json\/wp\/v2\/media?parent=1012"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.vimge.com\/wp-json\/wp\/v2\/categories?post=1012"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.vimge.com\/wp-json\/wp\/v2\/tags?post=1012"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}