Be aware that even using ini_set to set 'magic_quotes_runtime' will stop working in PHP 5.4. See http://php.net/manual/en/info.configuration.php#ini.magic-quotes-runtime
(PHP 4, PHP 5)
set_magic_quotes_runtime — 设置当前 magic_quotes_runtime 配置选项的激活状态
This function was DEPRECATED in PHP 5.3.0, and REMOVED as of PHP 7.0.0.
自 PHP 5.3 起,该函数已经被弃用,执行它的时候会抛出 E_DEPRECATED 异常。 自 PHP 5.4 起,尝试开启 magic quotes 时该函数会产生一个 E_CORE_ERROR 错误。
new_setting
关闭是 FALSE
,开启是 TRUE
。
成功时返回 TRUE
, 或者在失败时返回 FALSE
。
Example #1 set_magic_quotes_runtime() 例子
<?php
// 创建临时文件指针
$fp = tmpfile();
// 写入一些数据
fwrite($fp, '\'PHP\' is a Recursive acronym');
// 没有 magic_quotes_runtime
rewind($fp);
set_magic_quotes_runtime(false);
echo 'Without magic_quotes_runtime: ' . fread($fp, 64), PHP_EOL;
// 有 magic_quotes_runtime
rewind($fp);
set_magic_quotes_runtime(true);
echo 'With magic_quotes_runtime: ' . fread($fp, 64), PHP_EOL;
// 清理
fclose($fp);
?>
以上例程会输出:
Without magic_quotes_runtime: 'PHP' is a Recursive acronym With magic_quotes_runtime: \'PHP\' is a Recursive acronym
Be aware that even using ini_set to set 'magic_quotes_runtime' will stop working in PHP 5.4. See http://php.net/manual/en/info.configuration.php#ini.magic-quotes-runtime
You should NEVER rely on magic quotes or addslashes for security in an SQL context. You should ALWAYS use proper escape functions, such as mysql_real_escape_string. Failure to do so may result in an SQL injection vulnerability.
A simple check and disabling of magic quotes whenever needed (e.g. if you deploy to multiple servers or you don't know the target server's PHP version).
<?php
if(version_compare(PHP_VERSION, '5.3.0', '<')){
set_magic_quotes_runtime(0);
}
?>
get_magic_quotes runtime and set_magic_quotes_runtime are useful when you want to read some data in a binary file using fread() and some bytes in such file may be interpreted as \ (backslash), " (double quotes), ' (simple quote) or any "special" character that has a meaning for string processing.