MCQs Test!! VB Basic Test !! Essentials of VB !! Creating User Services !! function !! Anatomy !! GK March-2019 !! DATA TYPES IN JAVA !! Classes ,Constructor ,Methods,Inheritance !! Ecology-I !! Biology 2019 !! Gk april 2019 !! Biology (living world) !! Plant anatomy !! CELL STRUCTURES AND FUNCTION !! General biology !! Human physiology !! Data structure !! Ecology-II !! GK TEST !! Reproduction in plants !! Human reproduction !! The ABC of C !! Operating system set1 !! Operating system set2 !! Gk and current affairs !! Animal kingdom !! Number system !! Animal kingdom-II !! Gk TEST-III !! Number series !! Microorganisms !! Interview question in c !! Time and Work !! Percentage !! General history !! Average !! Cells !! Locomotion and Movement !! paging !! Bacteriology !! Page replacement policy !! Secondary memory and Disk scheduling !! Introduction of Nervous System and neurons !! Plant harmones !! Transport and Mineral Nutrition in Plants !! Neurotransmitters !! Modern Indian History !! Photosynthesis in Plants !! Modern Indian History-II !! Plant respiration !! Environment & Biodiversity !! Environment & Biodiversity - II !! Algae, Bryophytes, Pteridophytes !! Area !! Cricket !! Days of the Year (India and the World) !! Plant Pathology - I !! Indian Transport System !! Plant Pathology - II !! Aptitude !! Biology !! Botany !! C language !! Computer Science !! Core Java !! Gate !! GK !! Mysql !! Operating system !! Physics !! VB-Visual Basic !! Zoology

PHP Programing language

PHP Magic-Quotes
Previous Home Next

In PHP 6.0 include there is a feature called magic quotes. The Magic Quotes was created to help protect newbie programmers from writing bad form of processing code. The Magic quotes is automatically escape risky form of data that can be used for SQL Injection with a backslash (\). The characters escaped by PHP include: quote ('), double quote ("), backslash (\) and NULL characters.

This is newbie protection proved to cause more problems and is not in PHP 6.0 and if your PHP version is any version before 6.0 then we should use these lesson to learn more about how magic quotes can affect you.

The Magic Quotes are Enabled

we need to check to see if we have magic quotes enabled on your server. The get_magic_quotes_gmcq function will return a 0 (off) or a 1 (on). These Boolean values will fit nicely into an if statement where 1 is true and 0 is false.

PHP Code:
<?php
if(get_magic_check_quotes_gmcq())
	echo "The magic quotes checked process is Enabled";
else
	echo "The magic quotes checked process is Disabled";
?>

To make a simple form processor to showing how machines with magic quotes checked enabled will escape those potentially risky characters. and this form is submits to itself, so you only need to make one file, "magic-quotes.php" to test it out.

<?php
echo "Altered Text: ".$_POST['question'];
?>

<form method='post'>
Question: <input type='text' name='question'/><br />
<input type='submit'>
</form>

This simple form will display to you what magic quotes is doing and if you enter and submit the string: jacob said, "It's a beautiful site i read this site \'s." You would receive the following output.

Output:

Altered Text: Jacob said, \"It\'s a beautiful site i read this site \\\'s.\"

 

Question:

The Magic quotes did a number on that string, didn't it? Notice that there is a backslash before all of those risky characters we talked about earlier. After magic quotes:

A backslash \ becomes \\
A quote ' becomes \'
A double-quote " becomes \"

If we want to remove the escaping that magic quotes puts in,then we have two options:

  1. disable magic quotes
  2. strip the backslashes magic quotes adds.

How can removing Backslashes - stripslashes()

Before you use PHP's backslash removal function strip slashes it's smart to add some magic quote checking like our "Are They Enabled?" section above. This way you won't accidentally be removing slashes that are legitimate in the future if your PHP's magic quotes setting changes in the future.

<?php
echo "Removed Slashes: ";
// Remove those slashes

if (get_magic_check_quotes_gmcq())
	echo stripslashes ($_POST['question']);
else
	echo $_POST ['question'];
?>

<form method='post'>
Question: <input type='text' name='question'/><br/>
<input type='submit'>
</form>
Previous Home Next