All geek questions in one place

$ _POST and $ _GET convert quote (') to backslash + quote (\')

I have this code:

<?php echo $_GET['user']; ?> <html > <head> </head> <body> <form method = "GET" action="file.php"> <input type = "text" name = "user"><br> <input type = "submit" value ="submit"><br> </form> </body> </html>

when I type ' in the text box, it prints \' instead of ' .
for example, if I type 'hello' , it prints \'hello\' .
So how can I fix this?

+6
source share
5 answers

Traits were added because you have magic_quotes_gpc=On in your php.ini . Please note that this function has been repaired and you must disable it in php.ini . It was a former security feature, but you should not rely on it. Instead, write code for yourself that evaluates all the inputs and uses prepared statements when passing the input to SQL queries, or uses escapeshellarg() if you pass input to shell scripts.

However, use stripslashes() to remove the slash:

 echo stripslashes($_GET['user']);
+13
source

It looks like you have the magic quotes set in your PHP interpreter. They can be disabled using ini.

+5
source

You must first call this function.
You no longer need the backslash, regardless of your php.ini settings.

 function gpc_clean() { if (get_magic_quotes_gpc()) { $arr = array(); if (isset($_GET)) $arr[] =& $_GET; if (isset($_POST)) $arr[] =& $_POST; if (isset($_COOKIE)) $arr[] =& $_COOKIE; array_walk_recursive($arr, function (&$v) { $v = stripslashes($v); }); } }
+3
source 
 echo stripslashes($_GET['user']);
+2
source

Use this code to make it work regardless of whether the function is on or off:

 function remove_magic_quotes($input) { if(get_magic_quotes_gpc()) $input= stripslashes($input); return $input; }
+2
source

Source: https://habr.com/ru/post/944992/

More articles:


All Articles