Which superglobals are affected by magic_quotes_gpc = 1?

Submitted by 痞子三分冷 on 2020-01-03 16:50:23

Question


By looking at the name of this directive one may think that magic_quotes are only applied to $_GET, $_POST and $_COOKIE superglobals but there is one perturbing comment on the PHP Manual:

Please note, that when magic_quotes_gpc is set not only $_POST, $_GET, $_REQUEST, $_COOKIE arrays values are slashed. Actually every string value in $GLOBALS array is slashed, ie. $GLOBALS['_SERVER']['PATH_INFO'] (or $_SERVER['PATH_INFO']).

Can anyone confirm that this is true? Are the superglobals $GLOBALS, $_SERVER, $_FILES, $_SESSION and $_ENV affected as well?

One more question, if I iterate stripslashes() over the $_GET, $_POST and $_COOKIE arrays do I also need to iterate through the $_REQUEST array? Or are the changes automatically reflected?


Answer 1:


Either way I'd advise you not to rely on GPC as it has been deprecated on newer PHP versions...

It may not be too relevant for your question but on the raised issue of SQL security alternatives I usually use prepared statements + mysql_real_escape_string for MySQL.

To make it close to perfect it involves a couple of functions as it also should support integer, boolean and null values but you can take a look at the source code on the Database and Database_mysql classes on NaturePhp.




Answer 2:


I've run some tests on LightTPD 1.4.20 and PHP 5.3.0 with magic_quotes_gpc = On and $_SERVER wasn't altered (at least [SERVER_NAME] => local'host didn't). $_SESSION also isn't affected by magic_quotes.

$_GET, $_POST, $_COOKIE and $_REQUEST were affected (and their $GLOBALS counterparts).

Also, the changes in the GPC superglobals aren't automatically reflected in $_REQUEST.

As for the $_FILES and $_ENV superglobals I'm not able to test them ATM.


I've finally run this test and, to my surprise, both $_FILES and php://input are affected.
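
An added example, not part of either answer: one way to undo magic quotes on the four request arrays the test above found to be slashed, treating $_REQUEST as its own copy because changes to $_GET, $_POST and $_COOKIE are not reflected in it. The helper name strip_magic_quotes() is hypothetical, and $_FILES is left out here.

```php
<?php
// Added example, not from the original posts. strip_magic_quotes() is a
// hypothetical helper name. Written in PHP 5.3-compatible syntax (where
// magic quotes exist); it does nothing on versions without the feature.

/**
 * Return a copy of $data with stripslashes() applied to every string value,
 * descending into nested arrays such as those built from "a[b][]=..." input.
 */
function strip_magic_quotes(array $data)
{
    $clean = array();
    foreach ($data as $key => $value) {
        if (is_array($value)) {
            $clean[$key] = strip_magic_quotes($value);
        } elseif (is_string($value)) {
            $clean[$key] = stripslashes($value);
        } else {
            $clean[$key] = $value; // non-string values pass through untouched
        }
    }
    return $clean;
}

// get_magic_quotes_gpc() is absent on PHP 8+, so test for it first; the @
// silences the deprecation notice PHP 7.4 raises for the call.
if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
    // $_REQUEST is a separate copy, so it is cleaned in its own right.
    $_GET     = strip_magic_quotes($_GET);
    $_POST    = strip_magic_quotes($_POST);
    $_COOKIE  = strip_magic_quotes($_COOKIE);
    $_REQUEST = strip_magic_quotes($_REQUEST);
}

// Constructed sample: the slashed form magic quotes would produce for
// O'Reilly and a"b, plus an integer that must stay an integer.
$sample = array('name' => 'O\\\'Reilly', 'tags' => array('a\\"b', 7));
var_dump(strip_magic_quotes($sample));
```

Run this once, before any code reads the request arrays, so that values are stripped exactly once.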



Source: https://stackoverflow.com/questions/2024150/which-superglobals-are-affected-by-magic-quotes-gpc-1
