[英]Escaping quotes - moving from PHP4 to PHP5
I've inherited a php4 site that needs to run on my PHP5 Server, I've solved most of the issues but can't figure out what the author was trying to do here. 我继承了一个需要在我的PHP5服务器上运行的php4站点,我已经解决了大多数问题,但无法弄清楚作者在这里试图做什么。 Well, to be precise, he was tring to quote the submitted text but I'm not sure how this function is supposed to work and how I should do it in PHP5? 好吧,确切地说,他是想引用提交的文本,但是我不确定该函数应该如何工作以及如何在PHP5中做到这一点?
# Function to safely add slashes when magic quotes is switched off
function safe_slash($string)
{
if (!get_magic_quotes_gpc())
{
$string = addslashes($string);
}
return $string;
}
By default PHP4 has an option in PHP.ini turned on called magic_quotes_gpc
, it will addslashes
to all $_POST/$_GET
variables. 默认情况下,PHP4在php.ini中的一个选项打开名为magic_quotes_gpc
,它会addslashes
所有$_POST/$_GET
变量。
That code simply checks if the value magic_quotes_gpc is turned off, if it is it will addslashes to the $string passed in. 该代码仅检查值magic_quotes_gpc是否已关闭,如果已关闭,它将在传入的$ string中添加斜线 。
It should work in PHP4 and PHP5 (in PHP6 magic_quotes_gpc is going to be removed I believe). 它应该在PHP4和PHP5中工作(我相信在PHP6中magic_quotes_gpc将被删除)。 It's not recommended to rely on though, it was initially for 'protecting' against SQL injection but it has been found to be inadequate. 但是不建议您依赖它,起初它是为了“保护” SQL注入,但已发现它不够用。
$_POST = self::addSlashesRecursive($_POST);
$_GET = self::addSlashesRecursive($_GET);
$_COOKIE = self::addSlashesRecursive($_COOKIE);
function addSlashesRecursive($s)
{
if (get_magic_quotes_gpc()) {
return $s;
}
if (is_string($s)) {
return addslashes($s);
} else if (is_array($s)) {
return array_map(array('addSlashesRecursive'), $s);
}
return $s;
}
But for my mind it will be better to change your code. 但对我而言,更改您的代码会更好。 In PHP6 magic_quotes will be removed at all. 在PHP6中,magic_quotes将被删除。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.