为什么$ _POST变量在PHP中被转义？ [英] Why are $_POST variables getting escaped in PHP?

问题描述

当我的PHP脚本从AJAX POST请求中接收到数据时，$ code> $ _ POST 变量被转义。真的很奇怪的是，这只会发生在我的生产服务器上（在Linux上运行PHP 5.2.12），而不是在我的本地服务器上（在Windows上运行PHP 5.3.1）。

When my PHP script receives data from an AJAX POST request, the $_POST variables are escaped. The really strange thing is that this only happens on my production server (running PHP 5.2.12 on Linux) and not on my local server (running PHP 5.3.1 on Windows).

这是AJAX代码：

var pageRequest = false;
if(window.XMLHttpRequest)     pageRequest = new XMLHttpRequest();
else if(window.ActiveXObject) pageRequest = new ActiveXObject("Microsoft.XMLHTTP");

pageRequest.onreadystatechange = function() { }

var q_str = 'data=' + " ' ";

pageRequest.open('POST','unnamed_page.php',true);

pageRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
pageRequest.setRequestHeader("Content-length", q_str.length);
pageRequest.setRequestHeader("Connection", "close");

pageRequest.send(q_str);

是否有任何原因发生？我应该如何解决这个问题，以便它在两台服务器上工作？

Is there any reason this is happening? And how should I fix this so that it works on both servers?

编辑：我有以下magic_quotes设置：

I have the following settings for magic_quotes:

                     Local   Master

magic_quotes_gpc     On      On
magic_quotes_runtime Off     Off
magic_quotes_sybase  Off     Off

推荐答案

您可能在Linux服务器上启用了魔术报价： magic_quotes

You probably have magic quotes enabled on the Linux server: magic_quotes

当magic_quotes打开时，所有'（单引号），（双引号），\（反斜杠）和NUL都将自动转义为反斜杠。

When magic_quotes are on, all ' (single-quote), " (double quote), \ (backslash) and NUL's are escaped with a backslash automatically.

它们是一个很好的禁用功能，因为它们将从PHP 6开始移除。您还应该可以在脚本中禁用它们： a href =http://php.net/manual/en/function.set-magic-quotes -runtime.phprel =noreferrer> set-magic-quotes-runtime 您不能在运行时停用负责转义POST数据的magic_quotes部分。如果可以，请在php.ini中禁用它。如果您不能这样做，请检查是否启用magic_quotes，并从POST中获取的任何内容上执行stripslashes（）：

They're a good thing to disable, as they are going to be removed from PHP 6 onwards anyway. You should also be able to disable them inside your script: set-magic-quotes-runtime You can't deactivate the part of magic_quotes responsible for escaping POST data during runtime. If you can, disable it in php.ini. If you can't do that, do a check whether the magic_quotes are enabled, and do a stripslashes() on any content you fetch from POST:

if (get_magic_quotes_gpc())  
 $my_post_var = stripslashes($_POST["my_post_var"]);

这篇关于为什么$ _POST变量在PHP中被转义？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！