get_magic_quotes

Description

int get_magic_quotes_gpc ( void )

Returns the current configuration setting of magic_quotes_gpc (0 for off, 1 for on).

注: If the directive magic_quotes_sybase is ON it will completely override magic_quotes_gpc. So even when get_magic_quotes() returns TRUE neither double quotes, backslashes or NUL's will be escaped. Only single quotes will be escaped. In this case they'll look like: ''

Keep in mind that the setting magic_quotes_gpc will not work at runtime.

例子 1. get_magic_quotes_gpc() example
<?php echo get_magic_quotes_gpc(); // 1 echo $_POST['lastname']; // O\'reilly echo addslashes($_POST['lastname']); // O\\\'reilly if (!get_magic_quotes_gpc()) { $lastname = addslashes($_POST['lastname']); } else { $lastname = $_POST['lastname']; } echo $lastname; // O\'reilly $sql = "INSERT INTO lastnames (lastname) VALUES ('$lastname')"; ?>

In the interests of writing portable code (code that works in any enviroment), or, if you do not have access to change php.ini, you may wish to disable the effects of magic quotes on a per-script basis. This can be done in two ways, with a directive in a .htaccess file (php_value magic_quotes_gpc 0), or by adding the below code to the top of your scripts.
例子 2. Disabling magic quotes at runtime
<?php if (get_magic_quotes_gpc()) { function stripslashes_deep($value) { $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); return $value; } $_POST = array_map('stripslashes_deep', $_POST); $_GET = array_map('stripslashes_deep', $_GET); $_COOKIE = array_map('stripslashes_deep', $_COOKIE); }
Magic-quotes was added to reduce code written by beginners from being dangerous. If you disable magic quotes, you must be very careful to protect yourself from SQL injection attacks.