doushu5805 2010-04-22 05:55
浏览 82
已采纳

使用magic_quotes()会影响mysql_real_escape_string()的使用吗?

If I have magic_quotes switched on and I use mysql_real_escape_string, will the string be double escaped? Will it cause problems?

I assume so based on the get_magic_quotes() function but just seeking confirmation.

(P.S. It's easier to ask this question than test it in my office with all the security we have in place - It takes me 10-15 to configure everything to get a usable environment)

  • 写回答

4条回答 默认 最新

  • douxian1895 2010-04-22 06:04
    关注

    If you escape a value obtained from get/post/cookie input, it will already have addslashes() applied to it, so passing it through mysql_real_escape_string() will in fact, double quote.

    To strip em:

    if (get_magic_quotes_gpc())
{
    $_GET = json_decode(stripslashes(json_encode($_GET, JSON_HEX_APOS)), true);
    $_POST = json_decode(stripslashes(json_encode($_POST, JSON_HEX_APOS)), true);
    $_COOKIE = json_decode(stripslashes(json_encode($_COOKIE, JSON_HEX_APOS)), true);
    $_REQUEST = json_decode(stripslashes(json_encode($_REQUEST, JSON_HEX_APOS)), true);
    ini_set('magic_quotes_gpc', 0);
}

    This question has some other options for stripping quotes / dealing with the horrible magic_quotes_gpc PHP 'feature'.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥15 有没有哥看着画下电路
  • ¥15 STM32阿里云平台显示不了传感器采集的数据
  • ¥20 三菱FX系列PLC上位机串口下指令置位M64和M65,这两条指令分别是什么呢?
  • ¥15 有关结冰模拟程序咨询
  • ¥15 ubuntu服务器配置dns域名后无法访问其他域名
  • ¥50 本人复制了一个关于股票指标的代码,但是运行失败,有没有人帮我解决一下
  • ¥50 用matlab和numeca做透平机械流体力学和热力学模拟 价格可议
  • ¥15 Unity3D WebView
  • ¥20 论文AlphaTensor复现(有偿)
  • ¥15 (有偿)在ANSYS中 .anf文件