<object id="xwuag"></object>
      1. <tbody id="xwuag"><pre id="xwuag"><video id="xwuag"></video></pre></tbody>
        <progress id="xwuag"></progress>

        <nav id="xwuag"><big id="xwuag"><rt id="xwuag"></rt></big></nav>
        <em id="xwuag"></em>

        <nav id="xwuag"></nav><rp id="xwuag"></rp>
        <li id="xwuag"></li>
      2. <rp id="xwuag"></rp>
        <s id="xwuag"></s><th id="xwuag"><pre id="xwuag"><video id="xwuag"></video></pre></th>
      3. <nav id="xwuag"><center id="xwuag"></center></nav>
          <dd id="xwuag"><big id="xwuag"></big></dd>

          关闭魔术引号

          magic_quotes_gpc 指令只能在系统级关闭,不能在运行时。也就是说不能用 ini_set()

          Example #1 在服务器端关闭魔术引号

          下面是一个通过 php.ini 文件把这些选项设为 Off 的范例。更多信息请参见本手册的怎样修改配置设定

          ; Magic quotes
          ;
          
          ; Magic quotes for incoming GET/POST/Cookie data.
          magic_quotes_gpc = Off
          
          ; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
          magic_quotes_runtime = Off
          
          ; Use Sybase-style magic quotes (escape ' with '' instead of \').
          magic_quotes_sybase = Off
          

          如果不能修改服务器端的配置文件,使用 .htaccess 也可以。范例如下:

          php_flag magic_quotes_gpc Off
          

          为了能写出移植性较强的代码(可以运行于任何环境),例如不能修改服务器配置的情况,下面的例子可以在运行时关闭 magic_quotes_gpc。但是这样做比较低效,适当的修改配置才是更好的办法。

          Example #2 在运行时关闭魔术引号

          <?php
          if (get_magic_quotes_gpc()) {
              function 
          stripslashes_deep($value)
              {
                  
          $value is_array($value) ?
                              
          array_map('stripslashes_deep'$value) :
                              
          stripslashes($value);

                  return 
          $value;
              }

              
          $_POST array_map('stripslashes_deep'$_POST);
              
          $_GET array_map('stripslashes_deep'$_GET);
              
          $_COOKIE array_map('stripslashes_deep'$_COOKIE);
              
          $_REQUEST array_map('stripslashes_deep'$_REQUEST);
          }
          ?>
          add a note add a note

          User Contributed Notes 10 notes

          up
          16
          stuart at horuskol dot co dot uk
          11 years ago
          I have discovered that my host doesn't like either of the following directives in the .htaccess file:

          php_flag magic_quotes_gpc Off
          php_value magic_quotes_gpc Off

          However, there is another way to disable this setting even if you don't have access to the server configuration - you can put a php.ini file in the directory where your scripts are with the directive:

          magic_quotes_gpc = Off

          However, these does not propogate unlike  .htaccess rules, so if you launch from a sub-directory, you need the php.ini file in each directory you have as script entry points.
          up
          16
          mike at mawdesign dot com
          5 years ago
          Here's a couple tips when using scripts on different (often shared) hosts, where ini_set doesn't work and php directives in .htaccess causes a 500 Internal Server Error.

          Firstly, copy the server's php.ini file to your domain's web-root folder. To find the correct paths, use phpinfo() and look for "Configuration File (php.ini) Path" and "DOCUMENT_ROOT"

          It's unlikely you'll have access to the php.ini via FTP, so instead run a script with a simple copy command (obviously inserting your paths):

          exec("cp /usr/local/php/etc/php.ini /home/LinuxPackage/public_html/php.ini);

          Edit the now-accessible php.ini file, and add settings like 'magic_quotes_gpc = off' at the bottom (regardless of whether they've been set earlier in the file). I also set:

          [PHP]
          max_execution_time = 60
          max_input_time = 90
          memory_limit = 64M
          post_max_size = 32M
          upload_max_filesize = 31M
          magic_quotes_gpc = Off

          Finally add the below line to your web-root htaccess file, to make the local php.ini the web-root default (so you don't need a copy in every script sub-folder):

          SetEnv PHPRC /home/LinuxPackage/public_html/php.ini

          Hope that helps a few people save some time!

          Mike.

          P.S. Using the new php_ini_loaded_file() function the whole lot could be done in three lines:

          exec("cp " . php_ini_loaded_file() . " " . $_SERVER['DOCUMENT_ROOT'] . "/php.ini");
          fwrite(fopen("{$_SERVER['DOCUMENT_ROOT']}/php.ini", 'a'), PHP_EOL . '[PHP]' . PHP_EOL . "magic_quotes_gpc = Off" . PHP_EOL);
          fwrite(fopen("{$_SERVER['DOCUMENT_ROOT']}/.htaccess", 'a'), PHP_EOL . "SetEnv PHPRC {$_SERVER['DOCUMENT_ROOT']}/php.ini" . PHP_EOL);
          up
          14
          booboogotu at gmail dot com
          9 years ago
          A php5 way:

          <?php
          if (get_magic_quotes_gpc()) {
              function
          stripslashes_gpc(&$value)
              {
                 
          $value = stripslashes($value);
              }
             
          array_walk_recursive($_GET, 'stripslashes_gpc');
             
          array_walk_recursive($_POST, 'stripslashes_gpc');
             
          array_walk_recursive($_COOKIE, 'stripslashes_gpc');
             
          array_walk_recursive($_REQUEST, 'stripslashes_gpc');
          }
          ?>
          up
          1
          Anonymous
          12 years ago
          PHP's magic quotes function has the strange behavior of not adding slashes to top level keys in GPC key/value pairs but adding the slashes in deeper level keys. To demonstrate, a URI of:

          example.php?a'b[c'd]=e'f
          produces:
          array("a'b" => array("c\'d" => "e\'f"))

          The current example for removing magic quotes does not do anything to keys, so after running stripslashes_deep, you would end up with:
          array("a'b" => array("c\'d" => "e'f"))

          Which, needless to say, is wrong. As if you had magic quotes off, it would have been:
          array("a'b" => array("c'd" => "e'f"))

          I have written a snippet of code compatible with PHP 4.0.0 and above that handles this correctly:

          if (get_magic_quotes_gpc()) {
              function undoMagicQuotes($array, $topLevel=true) {
                  $newArray = array();
                  foreach($array as $key => $value) {
                      if (!$topLevel) {
                          $key = stripslashes($key);
                      }
                      if (is_array($value)) {
                          $newArray[$key] = undoMagicQuotes($value, false);
                      }
                      else {
                          $newArray[$key] = stripslashes($value);
                      }
                  }
                  return $newArray;
              }
              $_GET = undoMagicQuotes($_GET);
              $_POST = undoMagicQuotes($_POST);
              $_COOKIE = undoMagicQuotes($_COOKIE);
              $_REQUEST = undoMagicQuotes($_REQUEST);
          }
          up
          1
          dedlfix
          12 years ago
          The function stripslashes_deep() ignores slashes in the keys

          For example a query string like this: ?foo'bar=baz'bal

          Output of var_dump($_GET) is:

          array(1) {
            ["foo\'bar"]=>
            string(8) "baz\'bal"
          }

          after stripslashes_deep():

          array(1) {
            ["foo\'bar"]=>
            string(7) "baz'bal"
          }

          If you want the keys to be stripslashed too, you have to unset() the addslahed key and to add a stripslashed version. But keep in mind that this will change the order of the array.
          up
          0
          greyshark at hotmail dot com
          7 months ago
          Mike's answer worked for me. The only thing that was different was finding the path to the php.ini file.

          Configuration File (php.ini) Path said the path was /etc, but this wasn't true. There was no php.ini there.

          To find the path, I had to type
          php -i | grep /php.ini
          in the terminal. This gave the correct path, which was /opt/php70/lib/php.ini
          up
          0
          Dan dot gill at hotmail dot com
          5 years ago
          These instructions are great.  And if you have a site with an integrated shopping cart, then you will need to copy PHP.ini from the root of your site to the root folder of your shopping cart - otherwise you will still get errors on your cart pages.
          up
          0
          rdk
          12 years ago
          The function parse_str() (http://us3.php.net/manual/en/function.parse-str.php) is also affected by magic_quotes_gpc, so if that function is called anywhere, stripslashes_deep won't be sufficient by itself.
          up
          -1
          metala at metala dot org
          9 years ago
          I have recently found out that magic quotes affects not only the values of the GPC arrays, but also the keys.

          For now, my way to solve with the problem is:

          <?php
          if (get_magic_quotes_gpc()) {
              function
          magicQuotes_awStripslashes(&$value, $key) {$value = stripslashes($value);}
             
          $gpc = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
             
          array_walk_recursive($gpc, 'magicQuotes_awStripslashes');
          }
          ?>

          Unfortunately it doesn't fix the keys... and cannot determinate if the slashes are already stripped.
          up
          -16
          H Patel
          5 years ago
          i do not check for get_magic_quotes_gpc is on of off as we should remove all slashes. another thing is to remove slashes using strip slash will only remove "\" to "" and "\\" to "\"

          To over come this problem i use str_replace(array( '\\'), '', $v)

          Update Example 2
          <?php

              $process
          = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
              while (list(
          $key, $val) = each($process)) {
                  foreach (
          $val as $k => $v) {
                      unset(
          $process[$key][$k]);
                      if (
          is_array($v)) {
                         
          $process[$key][str_replace(array('\\'), '', $k)] = $v;
                         
          $process[] = &$process[$key][str_replace(array('\\'), '', $k)];
                      } else {
                         
          $process[$key][str_replace(array('\\'), '', $k)] = str_replace(array('\\'), '', $v);
                      }
                  }
              }
              unset(
          $process);

          ?>

          備份地址:http://www.lvesu.com/blog/php/security.magicquotes.disabling.php

          国产成人午夜福利r在线观看_欧美性受xxxx孕妇_白丝娇喘过膝袜爽短裙调教_jizz jizz xxxx