(PHP 3>= 3.0.6, PHP 4 , PHP 5)
get_magic_quotes_gpc --
Gets the current configuration setting of magic quotes gpc
Description
int
get_magic_quotes_gpc ( void )
Returns the current configuration setting of magic_quotes_gpc (0 for
off, 1 for on).
注:
If the directive
magic_quotes_sybase is ON it will completely
override magic_quotes_gpc. So even
when get_magic_quotes() returns
TRUE neither double quotes, backslashes or NUL's will
be escaped. Only single quotes will be escaped. In this
case they'll look like: ''
Keep in mind that the setting
magic_quotes_gpc will not work at runtime.
例子 1. get_magic_quotes_gpc() example
<?php echo get_magic_quotes_gpc(); // 1 echo $_POST['lastname']; // O\'reilly echo addslashes($_POST['lastname']); // O\\\'reilly
if (!get_magic_quotes_gpc()) { $lastname = addslashes($_POST['lastname']); } else { $lastname = $_POST['lastname']; }
echo $lastname; // O\'reilly $sql = "INSERT INTO lastnames (lastname) VALUES ('$lastname')"; ?>
|
|
In the interests of writing portable code (code that works
in any enviroment), or, if you do not have access to change
php.ini, you may wish to disable the effects of magic quotes
on a per-script basis. This can be done in two ways, with a
directive in a .htaccess file (php_value magic_quotes_gpc 0),
or by adding the below code to the top of your scripts.
例子 2. Disabling magic quotes at runtime
<?php if (get_magic_quotes_gpc()) { function stripslashes_deep($value) { $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value);
return $value; }
$_POST = array_map('stripslashes_deep', $_POST); $_GET = array_map('stripslashes_deep', $_GET); $_COOKIE = array_map('stripslashes_deep', $_COOKIE); }
|
|
Magic-quotes was added to reduce code written by beginners from being dangerous.
If you disable magic quotes, you must be very careful to protect yourself from
SQL injection attacks.
See also addslashes(),
stripslashes(),
get_magic_quotes_runtime(), and
ini_get().