关闭魔术引号

magic_quotes_gpc 指令只能在系统级关闭，不能在运行时。也就是说不能用 ini_set()。

例子 31-1. 在服务器端关闭魔术引号
下面是一个通过 php.ini 文件把这些选项设为 Off 的范例。更多信息请参见本手册的怎样修改配置设定。
; Magic quotes ; ; Magic quotes for incoming GET/POST/Cookie data. magic_quotes_gpc = Off ; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc. magic_quotes_runtime = Off ; Use Sybase-style magic quotes (escape ' with '' instead of \'). magic_quotes_sybase = Off
如果不能修改服务器端的配置文件，使用 .htaccess 也可以。范例如下：
php_flag magic_quotes_gpc Off

为了能写出移植性较强的代码（可以运行于任何环境），例如不能修改服务器配置的情况，下面的例子可以在运行时关闭 magic_quotes_gpc。但是这样做比较低效，适当的修改配置才是更好的办法。

例子 31-2. 在运行时关闭魔术引号
<?php if (get_magic_quotes_gpc()) { function stripslashes_deep($value) { $value = is_array($value) ? array_map('stripslashes_deep', $value) : stripslashes($value); return $value; } $_POST = array_map('stripslashes_deep', $_POST); $_GET = array_map('stripslashes_deep', $_GET); $_COOKIE = array_map('stripslashes_deep', $_COOKIE); } ?>

add a note User Contributed Notes

rdk
09-Sep-2006 02:44


The function parse_str() (http://us3.php.net/manual/en/function.parse-str.php) is also affected by magic_quotes_gpc, so if that function is called anywhere, stripslashes_deep won't be sufficient by itself.

dedlfix
20-Aug-2006 08:18


The function stripslashes_deep() ignores slashes in the keys



For example a query string like this: ?foo'bar=baz'bal



Output of var_dump($_GET) is:



array(1) {

  ["foo\'bar"]=>

  string(8) "baz\'bal"

}



after stripslashes_deep():



array(1) {

  ["foo\'bar"]=>

  string(7) "baz'bal"

}



If you want the keys to be stripslashed too, you have to unset() the addslahed key and to add a stripslashed version. But keep in mind that this will change the order of the array.

add a note