PHPKonf Istanbul PHP Conference 2019 - Call for Papers

湖北11选五前三走势图:Magic Quotes

Table of Contents

Warning

湖北十一选五官网 www.na503.cn This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.

Magic Quotes is a process that automagically escapes incoming data to the PHP script. It's preferred to code with magic quotes off and to instead escape the data at runtime, as needed.

add a note add a note

User Contributed Notes 1 note

up
32
cHao
7 years ago
The very reason magic quotes are deprecated is that a one-size-fits-all approach to escaping/quoting is wrongheaded and downright dangerous.  Different types of content have different special chars and different ways of escaping them, and what works in one tends to have side effects elsewhere.  Any sample code, here or anywhere else, that pretends to work like magic quotes --or does a similar conversion for HTML, SQL, or anything else for that matter -- is similarly wrongheaded and similarly dangerous.

Magic quotes are not for security.  They never have been.  It's a convenience thing -- they exist so a PHP noob can fumble along and eventually write some mysql queries that kinda work, without having to learn about escaping/quoting data properly.  They prevent a few accidental syntax errors, as is their job.  But they won't stop a malicious and semi-knowledgeable attacker from trashing the PHP noob's database.  And that poor noob may never even know how or why his database is now gone, because magic quotes (or his spiffy "i'm gonna escape everything" function) gave him a false sense of security.  He never had to learn how to really handle untrusted input.

Data should be escaped where you need it escaped, and for the domain in which it will be used.  (mysql_real_escape_string -- NOT addslashes! -- for MySQL (and that's only unless you have a clue and use prepared statements), htmlentities or htmlspecialchars for HTML, etc.)  Anything else is doomed to failure.
To Top
  • 12306网站用户信息外泄?铁总深夜“辟谣” 2018-12-11
  • 第二届加强创新和社会管理案例理论论坛暨社会管理创新案例颁奖典礼 2018-12-10
  • 中国共产党第十九次全国代表大会 2018-12-10
  • 女性之声——全国妇联 2018-12-10
  • NBA总决赛4比0横扫骑士问鼎 4年夺3冠勇士王朝! 2018-12-09
  • 图解:关于中国梦,习近平总书记这十句话直抵人心 2018-12-09
  • 【十九大·理论新视野】动漫:“美丽中国”如何绘就 2018-12-09
  • 宁波制造分享俄罗斯世界杯经济蛋糕 2018-12-08
  • 为丰富百姓餐桌提供更多选择(打开对外开放新局面) 2018-12-08
  • 英媒:中国正引领无人智能设备革命 城市机器人或将崛起 2018-12-08
  • 强征钢铝税惹众怒,美国在G7财长会上被孤立 2018-12-07
  • 太原35397名考生参加中考体测 2018-12-07
  • 西藏昂仁县:保障群众健康生活 用健康扶贫助推精准扶贫 2018-12-07
  • 警惕打着“高科技”旗号的食品虚假宣传 2018-12-07
  • 不是“不尊重公投”,而是不尊重人类社会发展规律就是不尊重人类。 2018-12-06
  • 806| 224| 545| 251| 200| 425| 721| 997| 67| 323|