为什么 $_POST 变量在 PHP 中被转义? [英] Why are $_POST variables getting escaped in PHP?
问题描述
当我的 PHP 脚本从 AJAX POST 请求接收数据时,$_POST
变量被转义.真正奇怪的是,这只发生在我的生产服务器上(在 Linux 上运行 PHP 5.2.12)而不是在我的本地服务器上(在 Windows 上运行 PHP 5.3.1).
When my PHP script receives data from an AJAX POST request, the $_POST
variables are escaped. The really strange thing is that this only happens on my production server (running PHP 5.2.12 on Linux) and not on my local server (running PHP 5.3.1 on Windows).
这是 AJAX 代码:
Here is the AJAX code:
var pageRequest = false;
if(window.XMLHttpRequest) pageRequest = new XMLHttpRequest();
else if(window.ActiveXObject) pageRequest = new ActiveXObject("Microsoft.XMLHTTP");
pageRequest.onreadystatechange = function() { }
var q_str = 'data=' + " ' ";
pageRequest.open('POST','unnamed_page.php',true);
pageRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
pageRequest.setRequestHeader("Content-length", q_str.length);
pageRequest.setRequestHeader("Connection", "close");
pageRequest.send(q_str);
发生这种情况有什么原因吗?我应该如何解决这个问题才能在两台服务器上都能正常工作?
Is there any reason this is happening? And how should I fix this so that it works on both servers?
我对 magic_quotes 有以下设置:
I have the following settings for magic_quotes:
Local Master
magic_quotes_gpc On On
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
推荐答案
您可能在 Linux 服务器上启用了魔术引号:magic_quotes
You probably have magic quotes enabled on the Linux server: magic_quotes
打开 magic_quotes 时,所有 '(单引号)、"(双引号)、(反斜杠)和 NUL 都会自动用反斜杠转义.
When magic_quotes are on, all ' (single-quote), " (double quote), (backslash) and NUL's are escaped with a backslash automatically.
禁用它们是一件好事,因为无论如何它们都会从 PHP 6 中删除.您还应该能够在脚本中禁用它们:set-magic-quotes-runtime 您不能停用负责在运行时转义 POST 数据的 magic_quotes 部分.如果可以,请在 php.ini 中禁用它.如果您不能这样做,请检查是否启用了 magic_quotes,并对您从 POST 获取的任何内容执行 stripslashes():
They're a good thing to disable, as they are going to be removed from PHP 6 onwards anyway. You should also be able to disable them inside your script: set-magic-quotes-runtime You can't deactivate the part of magic_quotes responsible for escaping POST data during runtime. If you can, disable it in php.ini. If you can't do that, do a check whether the magic_quotes are enabled, and do a stripslashes() on any content you fetch from POST:
if (get_magic_quotes_gpc())
$my_post_var = stripslashes($_POST["my_post_var"]);
这篇关于为什么 $_POST 变量在 PHP 中被转义?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!