Why are $_POST variables getting escaped in PHP?


Problem description

When my PHP script receives data from an AJAX POST request, the $_POST variables are escaped. The really strange thing is that this only happens on my production server (running PHP 5.2.12 on Linux) and not on my local server (running PHP 5.3.1 on Windows).

Here is the AJAX code:

var pageRequest = false;
if(window.XMLHttpRequest)     pageRequest = new XMLHttpRequest();
else if(window.ActiveXObject) pageRequest = new ActiveXObject("Microsoft.XMLHTTP");

pageRequest.onreadystatechange = function() { }

var q_str = 'data=' + " ' ";

pageRequest.open('POST','unnamed_page.php',true);

pageRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
pageRequest.setRequestHeader("Content-length", q_str.length);
pageRequest.setRequestHeader("Connection", "close");

pageRequest.send(q_str);

Is there any reason this is happening? And how should I fix this so that it works on both servers?

Edit: I have the following settings for magic_quotes:

                     Local   Master

magic_quotes_gpc     On      On
magic_quotes_runtime Off     Off
magic_quotes_sybase  Off     Off

Solution

You probably have magic quotes enabled on the Linux server: magic_quotes

When magic_quotes are on, all ' (single-quote), " (double quote), \ (backslash) and NUL's are escaped with a backslash automatically.

They're a good thing to disable, as they are going to be removed from PHP 6 onwards anyway. ~~You should also be able to disable them inside your script: set-magic-quotes-runtime~~ You can't deactivate the part of magic_quotes responsible for escaping POST data during runtime. If you can, disable it in php.ini. If you can't do that, do a check whether the magic_quotes are enabled, and do a stripslashes() on any content you fetch from POST:

// Strip the automatic escaping only when magic_quotes_gpc is on
if (get_magic_quotes_gpc()) {
    $my_post_var = stripslashes($_POST["my_post_var"]);
}

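The check-then-stripslashes() approach from the answer, generalized to a whole request array with nested values, as an added example that is not part of the original answer. The function names `magic_quotes_active()` and `strip_magic_quotes()` and the sample array are hypothetical; the sample is built with addslashes(), which applies the same escaping that magic_quotes_gpc did.

```php
<?php
// Added example: undo magic_quotes_gpc once, at the input boundary,
// so the rest of the script sees the same data on every server.

// Hypothetical helper: true only when the interpreter still escapes input.
function magic_quotes_active()
{
    // get_magic_quotes_gpc() was removed in PHP 8.0, so guard the call;
    // @ silences the deprecation notice raised by PHP 7.4.
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Hypothetical helper: stripslashes() applied to every string value,
// descending into nested arrays such as those produced by name="tags[]".
function strip_magic_quotes($value)
{
    if (is_array($value)) {
        $clean = array();
        foreach ($value as $key => $item) {
            $clean[$key] = strip_magic_quotes($item);
        }
        return $clean;
    }
    return is_string($value) ? stripslashes($value) : $value;
}

// Normalize the real superglobals only when escaping is active, otherwise
// legitimate backslashes in the input would be destroyed.
if (magic_quotes_active()) {
    $_GET    = strip_magic_quotes($_GET);
    $_POST   = strip_magic_quotes($_POST);
    $_COOKIE = strip_magic_quotes($_COOKIE);
}

// Constructed sample: what $_POST would hold after magic_quotes_gpc ran.
$simulated_post = array(
    'data' => addslashes(" ' "),
    'tags' => array(addslashes("O'Reilly"), addslashes('C:\\temp')),
);

$clean = strip_magic_quotes($simulated_post);

// Show the escaped form next to the restored form.
var_export($simulated_post);
echo "\n";
var_export($clean);
echo "\n";
```

Run the normalization exactly once per request, before any other code reads the superglobals; applying stripslashes() twice removes backslashes the user actually sent.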