我试图在PHP中关闭魔术引号但无法将其禁用 - 我已在/usr/local/lib/php.ini中设置了以下内容并重新启动了Apache,但它没有任何区别。
; Magic quotes
; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off
; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off
; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off
phpinfo确认这些都已设置为关闭。
magic_quotes_gpc Off Off
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
然后我尝试添加
php_flag magic_quotes_gpc off
到htaccess但是这会产生500内部服务器错误 - 在error_log中查找没有任何内容可以告诉我为什么会发生这种情况。
服务器运行带有CPanel / WHM的Centos 5.8 64位,前端是带有自定义PHP应用程序的Wordpress。 PHP版本为5.3.18,加载配置文件为/usr/local/lib/php.ini
我认为它不起作用的原因是从MySQL中提取的以下消息,其中在添加到数据库之前将mysql_real_escape_string,addslashes和htmlspecialchars应用于它。
原始邮件是:
This is a "how to" question. I don't think it is covered in the notes - sorry if I've missed it.
它被添加到MySQL中:
This is a "how to" question. I don\'t think it is covered in the notes - sorry if I\'ve missed it.
当它显示在屏幕上时显示为:
This is a \\"how to\\" question. I don\\\'t think it is covered in the notes - sorry if I\\\'ve missed it.
然后当striplashes应用于此时,它变为:
This is a \"how to\" question. I don\'t think it is covered in the notes - sorry if I\'ve missed it.
我做错了什么或者我还能尝试什么?
答案 0 :(得分:0)
\"不是魔术引号或addslashes()的结果。
另外,我想不出一个标准的PHP引用函数会用\"替换双引号并用斜杠转义单引号。您的代码存在更深层次的错误。