使用magic_quotes()是否会影响mysql_real_escape_string()的使用 [英] Does using magic_quotes() affect the use of mysql_real_escape_string()
问题描述
如果我打开了magic_quotes
并且使用了mysql_real_escape_string
,该字符串是否会被双转义?会引起问题吗?
If I have magic_quotes
switched on and I use mysql_real_escape_string
, will the string be double escaped? Will it cause problems?
我基于get_magic_quotes()
函数假设是这样,但只是寻求确认.
I assume so based on the get_magic_quotes()
function but just seeking confirmation.
(P.S.提出这个问题比在我们的办公室中使用我们拥有的所有安全性对其进行测试要容易得多-我需要10-15来配置一切才能获得可用的环境)
(P.S. It's easier to ask this question than test it in my office with all the security we have in place - It takes me 10-15 to configure everything to get a usable environment)
推荐答案
如果您对通过get/post/cookie输入获取的值进行转义,则该值将已经具有 addslashes()
应用于它,因此通过mysql_real_escape_string()
传递它实际上将是双引号.
If you escape a value obtained from get/post/cookie input, it will already have addslashes()
applied to it, so passing it through mysql_real_escape_string()
will in fact, double quote.
要剥离em:
if (get_magic_quotes_gpc())
{
$_GET = json_decode(stripslashes(json_encode($_GET, JSON_HEX_APOS)), true);
$_POST = json_decode(stripslashes(json_encode($_POST, JSON_HEX_APOS)), true);
$_COOKIE = json_decode(stripslashes(json_encode($_COOKIE, JSON_HEX_APOS)), true);
$_REQUEST = json_decode(stripslashes(json_encode($_REQUEST, JSON_HEX_APOS)), true);
ini_set('magic_quotes_gpc', 0);
}
此问题还有一些其他选项可用于删除引号/处理可怕的magic_quotes_gpc
PHP的功能".
This question has some other options for stripping quotes / dealing with the horrible magic_quotes_gpc
PHP 'feature'.
这篇关于使用magic_quotes()是否会影响mysql_real_escape_string()的使用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!