<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <HTML ><HEAD ><TITLE >关闭魔术引号</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK REL="HOME" TITLE="PHP 手册" HREF="index.html"><LINK REL="UP" TITLE="魔术引号" HREF="security.magicquotes.html"><LINK REL="PREVIOUS" TITLE="为什么不用魔术引号" HREF="security.magicquotes.whynot.html"><LINK REL="NEXT" TITLE="隐藏 PHP" HREF="security.hiding.html"><META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=UTF-8"></HEAD ><BODY CLASS="sect1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >PHP 手册</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="security.magicquotes.whynot.html" ACCESSKEY="P" >上一页</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" >章 31. 魔术引号</TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="security.hiding.html" ACCESSKEY="N" >下一页</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="sect1" ><H1 CLASS="sect1" ><A NAME="security.magicquotes.disabling" >关闭魔术引号</A ></H1 ><P > <A HREF="ref.info.html#ini.magic-quotes-gpc" >magic_quotes_gpc</A > 指令只能在系统级关闭,不能在运行时。也就是说不能用 <A HREF="function.ini-set.html" ><B CLASS="function" >ini_set()</B ></A >。 </P ><P > <TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" CLASS="EXAMPLE" ><TR ><TD ><DIV CLASS="example" ><A NAME="AEN6873" ></A ><P ><B >例 31-1. 在服务器端关闭魔术引号</B ></P ><P > 下面是一个通过 <TT CLASS="filename" >php.ini</TT > 文件把这些选项设为 <TT CLASS="literal" >Off</TT > 的范例。更多信息请参见本手册的<A HREF="configuration.changes.html" >怎样修改配置设定</A >。 </P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><PRE CLASS="screen" >; Magic quotes ; ; Magic quotes for incoming GET/POST/Cookie data. magic_quotes_gpc = Off ; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc. magic_quotes_runtime = Off ; Use Sybase-style magic quotes (escape ' with '' instead of \'). magic_quotes_sybase = Off</PRE ></TD ></TR ></TABLE ><P > 如果不能修改服务器端的配置文件,使用 <TT CLASS="filename" >.htaccess</TT > 也可以。范例如下: </P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><PRE CLASS="screen" >php_flag magic_quotes_gpc Off</PRE ></TD ></TR ></TABLE ></DIV ></TD ></TR ></TABLE > </P ><P > 为了能写出移植性较强的代码(可以运行于任何环境),例如不能修改服务器配置的情况,下面的例子可以在运行时关闭 <A HREF="ref.info.html#ini.magic-quotes-gpc" >magic_quotes_gpc</A >。但是这样做比较低效,适当的修改配置才是更好的办法。 </P ><P > <TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" CLASS="EXAMPLE" ><TR ><TD ><DIV CLASS="example" ><A NAME="AEN6886" ></A ><P ><B >例 31-2. 在运行时关闭魔术引号</B ></P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><code><font color="#000000"> <font color="#0000BB"><?php<br /></font><font color="#007700">if (</font><font color="#0000BB">get_magic_quotes_gpc</font><font color="#007700">()) {<br /> function </font><font color="#0000BB">stripslashes_deep</font><font color="#007700">(</font><font color="#0000BB">$value</font><font color="#007700">)<br /> {<br /> </font><font color="#0000BB">$value </font><font color="#007700">= </font><font color="#0000BB">is_array</font><font color="#007700">(</font><font color="#0000BB">$value</font><font color="#007700">) ?<br /> </font><font color="#0000BB">array_map</font><font color="#007700">(</font><font color="#DD0000">'stripslashes_deep'</font><font color="#007700">, </font><font color="#0000BB">$value</font><font color="#007700">) :<br /> </font><font color="#0000BB">stripslashes</font><font color="#007700">(</font><font color="#0000BB">$value</font><font color="#007700">);<br /><br /> return </font><font color="#0000BB">$value</font><font color="#007700">;<br /> }<br /><br /> </font><font color="#0000BB">$_POST </font><font color="#007700">= </font><font color="#0000BB">array_map</font><font color="#007700">(</font><font color="#DD0000">'stripslashes_deep'</font><font color="#007700">, </font><font color="#0000BB">$_POST</font><font color="#007700">);<br /> </font><font color="#0000BB">$_GET </font><font color="#007700">= </font><font color="#0000BB">array_map</font><font color="#007700">(</font><font color="#DD0000">'stripslashes_deep'</font><font color="#007700">, </font><font color="#0000BB">$_GET</font><font color="#007700">);<br /> </font><font color="#0000BB">$_COOKIE </font><font color="#007700">= </font><font color="#0000BB">array_map</font><font color="#007700">(</font><font color="#DD0000">'stripslashes_deep'</font><font color="#007700">, </font><font color="#0000BB">$_COOKIE</font><font color="#007700">);<br /> </font><font color="#0000BB">$_REQUEST </font><font color="#007700">= </font><font color="#0000BB">array_map</font><font color="#007700">(</font><font color="#DD0000">'stripslashes_deep'</font><font color="#007700">, </font><font color="#0000BB">$_REQUEST</font><font color="#007700">);<br />}<br /></font><font color="#0000BB">?></font> </font> </code></TD ></TR ></TABLE ></DIV ></TD ></TR ></TABLE > </P ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="security.magicquotes.whynot.html" ACCESSKEY="P" >上一页</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >起始页</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="security.hiding.html" ACCESSKEY="N" >下一页</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >为什么不用魔术引号</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="security.magicquotes.html" ACCESSKEY="U" >上一级</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >隐藏 PHP</TD ></TR ></TABLE ></DIV ></BODY ></HTML >