问题
I have a problem, an old program with mysql querys doesn't works in new php 5.3 with magick_quotes_gpc disabled, when a variable of query have single quote, ex:
$text=$_GET['text'] --> "This is a text doesn'**strong text**t works"
mysql_query("UPDATE table SET '{$text}'");
Only works if I make previously this:
$text=mysql_real_escape_string($_GET['text']);
But I can't modify the program, and the program is to big and have a lot of querys, which I can i do?
回答1:
But I can't modify the program, and the program is to big and have a lot of querys, which I can i do?
If you can't modify the program, then you should enable magic_quotes_gpc - the feature itself is still available in php 5.3 - only deprecated.
Upgrading to php 5.4 and running the application however would be a security issue. So after you've now been warned about deprecation, consider how you want to keep the maintenance for the application in question in the future.
回答2:
Don't enable magic_quotes_gpc.
This feature has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged.
You can run a search and replace on your code and replace all occurences of $_GET[] with mysql_real_escape_string($_GET[]);
来源:https://stackoverflow.com/questions/10628032/php-5-3-magick-quotes-gpc