为什么 $_POST 变量在 PHP 中被转义? [英] Why are $_POST variables getting escaped in PHP?

问题描述

当我的 PHP 脚本从 AJAX POST 请求接收数据时，$_POST 变量被转义.真正奇怪的是，这只发生在我的生产服务器上(在 Linux 上运行 PHP 5.2.12)而不是在我的本地服务器上(在 Windows 上运行 PHP 5.3.1).

When my PHP script receives data from an AJAX POST request, the $_POST variables are escaped. The really strange thing is that this only happens on my production server (running PHP 5.2.12 on Linux) and not on my local server (running PHP 5.3.1 on Windows).

这是 AJAX 代码:

Here is the AJAX code:

var pageRequest = false;
if(window.XMLHttpRequest)     pageRequest = new XMLHttpRequest();
else if(window.ActiveXObject) pageRequest = new ActiveXObject("Microsoft.XMLHTTP");

pageRequest.onreadystatechange = function() { }

var q_str = 'data=' + " ' ";

pageRequest.open('POST','unnamed_page.php',true);

pageRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
pageRequest.setRequestHeader("Content-length", q_str.length);
pageRequest.setRequestHeader("Connection", "close");

pageRequest.send(q_str);

发生这种情况有什么原因吗?我应该如何解决这个问题才能在两台服务器上都能正常工作?

Is there any reason this is happening? And how should I fix this so that it works on both servers?

我对 magic_quotes 有以下设置:

I have the following settings for magic_quotes:

                     Local   Master

magic_quotes_gpc     On      On
magic_quotes_runtime Off     Off
magic_quotes_sybase  Off     Off

推荐答案

您可能在 Linux 服务器上启用了魔术引号:magic_quotes

You probably have magic quotes enabled on the Linux server: magic_quotes

打开 magic_quotes 时，所有 '(单引号)、"(双引号)、(反斜杠)和 NUL 都会自动用反斜杠转义.

When magic_quotes are on, all ' (single-quote), " (double quote), (backslash) and NUL's are escaped with a backslash automatically.

禁用它们是一件好事，因为无论如何它们都会从 PHP 6 中删除.您还应该能够在脚本中禁用它们:set-magic-quotes-runtime 您不能停用负责在运行时转义 POST 数据的 magic_quotes 部分.如果可以，请在 php.ini 中禁用它.如果您不能这样做，请检查是否启用了 magic_quotes，并对您从 POST 获取的任何内容执行 stripslashes():

They're a good thing to disable, as they are going to be removed from PHP 6 onwards anyway. You should also be able to disable them inside your script: set-magic-quotes-runtime You can't deactivate the part of magic_quotes responsible for escaping POST data during runtime. If you can, disable it in php.ini. If you can't do that, do a check whether the magic_quotes are enabled, and do a stripslashes() on any content you fetch from POST:

if (get_magic_quotes_gpc())  
 $my_post_var = stripslashes($_POST["my_post_var"]);

这篇关于为什么 $_POST 变量在 PHP 中被转义?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！