前出塞:《PHP的魔术符号magic_quotes_gpc》



前出塞:《PHP的魔术符号magic_quotes_gpc》

就像《前出塞》说的那样,做什么事,方法最重要。如果想深入理解PHP运行机制,那么对PHP的每个函数都要有所了解,PHP的魔术符号设置有三个:magic_quotes_sybase boolean magic_quotes_gpc boolean magic_quotes_runtime boolean
注意:自 PHP 5.3.0 起,已经废弃此这三个特性。强烈建议不要应用此特性。


1.magic_quotes_sybase如果设置此选项开启、在magic_quotes_gpc、magic_quotes_runtime 开启的情况下单引号‘会被单引号’转移而不是被反斜线\转义。同时、此设置会完全覆盖magic_quotes_gpc的设置,即使magic_quotes_gpc被设置为on,双引号“、反斜线\和NUL's也不会被转义。


2.magic_quotes_gpc这个是用来设置GPC($_GET、$_POST、$_COOKIE)的魔术引用状态(在PHP4中也包含$_ENV)。当开启时,所有的单引号(single-quote),双引号(double quote),反斜线(backslash)和NUL's会被反斜线自动转义。当开启magic_quote_sybase为on时,只有单引号(singgle-quote)会被单引号转义为'',反斜线(backslash)和NUL's不受影响不会被转义。


3.magic_quote_runtime如果开启该选项,许多返回外部数据(数据库、文本)的函数将会被反斜线(backslash)转义。如果开启magic_quote_sybase则只有单引号(single-quote)会被单引号转义。



以下是PHP手册的内容:
magic_quotes_gpc boolean
Warning
自 PHP 5.3.0 起,已经废弃此特性。强烈建议不要应用此特性 。

Sets the magic_quotes state for GPC (Get/Post/Cookie) operations. When magic_quotes are on, all ' (single-quote), " (double quote), \ (backslash) and NUL's are escaped with a backslash automatically.
Note:

In PHP 4, also $_ENV variables are escaped. 前出塞 www.qianchusai.com

Note:

If the magic_quotes_sybase directive is also ON it will completely override magic_quotes_gpc. Having both directives enabled means only single quotes are escaped as ''. Double quotes, backslashes and NUL's will remain untouched and d.

magic_quotes_runtime boolean
Warning
自 PHP 5.3.0 起,已经废弃此特性。强烈建议不要应用此特性 。

If magic_quotes_runtime is enabled, most functions that return data from any sort of external source including databases and text files will have quotes escaped with a backslash. If magic_quotes_sybase is also on, a single-quote is escaped with a single-quote instead of a backslash.

Functions affected by magic_quotes_runtime (does not include functions from PECL):

get_meta_tags()
file_get_contents()
file()
fgets()
fwrite()
fread()
fputcsv()
stream_socket_recvfrom()
exec()
system()
passthru()
stream_get_contents()
bzread()
gzfile()
gzgets()
gzwrite()
gzread()
phar_file_get_contents()
exif_read_data()
dba_insert()
dba_replace()
dba_fetch()
ibase_fetch_row()
ibase_fetch_assoc()
ibase_fetch_object()
mssql_fetch_row()
mssql_fetch_object()
mssql_fetch_array()
mssql_fetch_assoc()
mysqli_fetch_row()
mysqli_fetch_array()
mysqli_fetch_assoc()
mysqli_fetch_object()
pg_fetch_row()
pg_fetch_assoc()
pg_fetch_array()
pg_fetch_object()
pg_fetch_all()
pg_select()
sybase_fetch_object()
sybase_fetch_array()
sybase_fetch_assoc()
SplFileObject::fgets()
SplFileObject::fgetcsv()
SplFileObject::fwrite()
magic_quotes_sybase boolean
If magic_quotes_sybase is on, a single-quote is escaped with a single-quote instead of a backslash if magic_quotes_gpc or magic_quotes_runtime are enabled. This setting is also respected by addslashes() and stripslashes().

Note:

Note that when magic_quotes_sybase is ON it completely overrides magic_quotes_gpc . In this case even when magic_quotes_gpc is enabled neither double quotes, backslashes or NUL's will be escaped.

Warning
自 PHP 5.3.0 起,已经废弃此特性。强烈建议不要应用此特性 。

你可能感兴趣的:(PHP)