PHP: How to turn off magic quotes on shared hosting?
Notice: this page is a Chinese-English parallel translation of a popular Stack Overflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): Stack Overflow
Original URL: http://stackoverflow.com/questions/517008/
How to turn off magic quotes on shared hosting?
Asked by John
I want to turn off PHP's magic quotes. I don't have access to php.ini.
When I tried to add php_flag magic_quotes_gpc off to my .htaccess file, I got a 500 internal server error. This is what my .htaccess file looks like:
AddType x-mapp-php5 .php
php_flag magic_quotes_gpc off
Then I tried to use ini_set('magic_quotes_gpc', 'O'), but that had no effect.
How do I turn magic quotes off?
Answered by Peter Bailey
As per the manual you can often install a custom php.ini on shared hosting, where mod_php isn't used and the php_value directive thus leads to an error. For suexec/FastCGI setups it is quite common to have a per-webspace php.ini in any case.
--
I don't think O (uppercase letter o) is a valid value to set an ini flag. You need to use a true/false, 1/0, or "on"/"off" value.
ini_set( 'magic_quotes_gpc', 0 ); // doesn't work
EDIT
After checking the list of ini settings, I see that magic_quotes_gpc is a PHP_INI_PERDIR setting (after 4.2.3), which means you can't change it with ini_set() (only PHP_INI_ALL settings can be changed with ini_set())
What this means is you have to use an .htaccess file to do this - OR - implement a script to reverse the effects of magic quotes. Something like this
if ( in_array( strtolower( ini_get( 'magic_quotes_gpc' ) ), array( '1', 'on' ) ) )
{
    $_POST = array_map( 'stripslashes', $_POST );
    $_GET = array_map( 'stripslashes', $_GET );
    $_COOKIE = array_map( 'stripslashes', $_COOKIE );
}
Answered by Powerlord
While I can't say why php_flag is giving you 500 Internal Server Errors, I will point out that the PHP manual has an example of detecting if magic quotes is on and stripping it from the superglobals at runtime. Unlike the others posted, this one is recursive and will correctly strip quotes from arrays:
Update: I noticed today that there's a new version of the following code on the PHP manual that uses references to the super-globals instead.
Old version:
<?php
if (get_magic_quotes_gpc()) {
    function stripslashes_deep($value)
    {
        $value = is_array($value) ?
                    array_map('stripslashes_deep', $value) :
                    stripslashes($value);
        return $value;
    }
    $_POST = array_map('stripslashes_deep', $_POST);
    $_GET = array_map('stripslashes_deep', $_GET);
    $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
    $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}
?>
New version:
<?php
if (get_magic_quotes_gpc()) {
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    while (list($key, $val) = each($process)) {
        foreach ($val as $k => $v) {
            unset($process[$key][$k]);
            if (is_array($v)) {
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            } else {
                $process[$key][stripslashes($k)] = stripslashes($v);
            }
        }
    }
    unset($process);
}
?>
Answered by gonzo
This will solve the problem of getting "Class 'PDO' not found" when you create a local php.ini file.
If you can't turn off magic quotes using the htaccess file (for reasons already given by Pete Bailey) just:
- Create a text file
- Rename it to 'php.ini'
- Add the lines
    magic_quotes_gpc = Off
    magic_quotes_runtime = Off
    magic_quotes_sybase = Off
    extension=pdo.so
    extension=pdo_mysql.so
- Save it to the directory/ies in which your scripts are executing.
Update: if you want to have just one copy of the new php.ini file then add this line to your root .htaccess file:
SetEnv PHPRC /path/to/site/root/public_html/php.ini
Obviously you need to move the ini file to this location if it's not there already.
Hope that saves someone the 2 hours it's just taken me!
Answered by djn
The php_flag and php_value inside a .htaccess file are technically correct - but for PHP installed as an Apache module only. On a shared host you'll almost never find such a setup; PHP is run as a CGI instead, for reasons related to security (keeping your server neighbours out of your files) and the way phpsuexec runs scripts as 'you' instead of the apache user.
Apache is thus correct giving you a server error: it doesn't know about the meaning of php_flag unless the PHP module is loaded. A CGI binary is to Apache an external program instead, and you can't configure it from within Apache.
Now for the good news: you can set up per-directory configuration putting there a file named 'php.ini' and setting there your instructions using the same syntax as in the system's main php.ini. The PHP manual lists all settable directives: you can set those marked with PHP_INI_PERDIR or PHP_INI_ALL, while only the system administrator can set those marked PHP_INI_SYSTEM in the server-wide php.ini.
Note that such php.ini directives are not inherited by subdirectories, you'll have to give them their own php.ini.
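A diagnostic for the situation described in the answer above, as an added example that is not part of the original answer: it reports whether PHP runs as an Apache module (the only case where php_flag in .htaccess is understood), which php.ini was actually loaded, and at which level each magic-quotes directive can be changed. The function names describe_access and magic_quotes_report are hypothetical.

```php
<?php
// Added diagnostic (not from the original answers): shows which of the
// approaches discussed on this page can work on the current host.

function describe_access($access)
{
    // 'access' is a bitmask of INI_USER (1), INI_PERDIR (2), INI_SYSTEM (4).
    $where = array();
    if ($access & INI_USER)   { $where[] = 'ini_set() at runtime'; }
    if ($access & INI_PERDIR) { $where[] = 'per-directory (php.ini / .htaccess php_flag)'; }
    if ($access & INI_SYSTEM) { $where[] = 'server-wide php.ini'; }
    return implode(', ', $where);
}

function magic_quotes_report()
{
    $sapi = php_sapi_name();
    $report = array(
        'sapi' => $sapi,
        // php_flag in .htaccess is only parsed when PHP is loaded as an
        // Apache module; CGI/FastCGI SAPIs make Apache answer with a 500.
        'php_is_apache_module' => (strpos($sapi, 'apache') === 0),
        'loaded_php_ini' => php_ini_loaded_file(),  // false if none was loaded
        'PHPRC' => getenv('PHPRC'),                 // false if not set
    );

    $all = ini_get_all(null, true);
    $names = array('magic_quotes_gpc', 'magic_quotes_runtime', 'magic_quotes_sybase');
    foreach ($names as $name) {
        if (!isset($all[$name])) {
            $report[$name] = 'directive not present in this PHP build';
            continue;
        }
        $report[$name] = array(
            'effective_value' => $all[$name]['local_value'],
            'changeable_via'  => describe_access($all[$name]['access']),
        );
    }
    return $report;
}

header('Content-Type: text/plain');
print_r(magic_quotes_report());
```

Upload it to the directory you are configuring, request it once, and delete it afterwards, since the output discloses server paths.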
Answered by T.Todua
=============== MY SOLUTION =============== (rename your php.ini to php5.ini)
and in the top (!), add these:
magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off
extension=pdo.so
extension=pdo_mysql.so
then in .htaccess, add this (in the top):
SetEnv PHPRC /home/your_path/to/public_html/php5.ini
P.S. change /home/your_path/to/ correctly (you can see that path by executing the <?php phpinfo(); ?> command from a typical .php file.)
Answered by Alix Axel
If you're running PHP 5.3+ this will do the trick, place it at the topmost of your page:
if (get_magic_quotes_gpc() === 1)
{
    $_GET = json_decode(stripslashes(json_encode($_GET, JSON_HEX_APOS)), true);
    $_POST = json_decode(stripslashes(json_encode($_POST, JSON_HEX_APOS)), true);
    $_COOKIE = json_decode(stripslashes(json_encode($_COOKIE, JSON_HEX_APOS)), true);
    $_REQUEST = json_decode(stripslashes(json_encode($_REQUEST, JSON_HEX_APOS)), true);
}
Handles keys, values and multi-dimensional arrays.
Answered by Yes Barry
I know I'm late to answer this, but I read most of the answers and while many were great, only djn actually explained why you were getting this 500 Internal Server Error.
While his explanation was 100% correct, this is a perfect example of why you should always wrap those in an <IfModule>. While this won't fix the actual problem of not being able to set those flags in your .htaccess, it will at least prevent the 500 error.
<IfModule mod_php5.c>
    # put all of your php_flags here, for example:
    php_flag magic_quotes_gpc off
</IfModule>
Or for older versions it would be <IfModule mod_php.c> etc.
I try to make a habit out of always doing this so as to avoid any such 500 errors. After that, just apply what Peter Bailey said.
Answered by Adnan Anwar
If your hosting provider is using cPanel, you can try copying php.ini into your web directory and edit it with magic_quotes_gpc = off
Answered by middus
BaileyP's answer is already pretty good, but I would use this condition instead:
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() === 1) {
    $_POST = array_map( 'stripslashes', $_POST );
    $_GET = array_map( 'stripslashes', $_GET );
    $_COOKIE = array_map( 'stripslashes', $_COOKIE );
}
It is more defensive.
Answered by ZoRNdYuKe
How about $_SERVER?
if (get_magic_quotes_gpc() === 1) {
    $_GET = json_decode(stripslashes(json_encode($_GET, JSON_HEX_APOS)), true);
    $_POST = json_decode(stripslashes(json_encode($_POST, JSON_HEX_APOS)), true);
    $_COOKIE = json_decode(stripslashes(json_encode($_COOKIE, JSON_HEX_APOS)), true);
    $_REQUEST = json_decode(stripslashes(json_encode($_REQUEST, JSON_HEX_APOS)), true);
    $_SERVER = json_decode(stripslashes(json_encode($_SERVER, JSON_HEX_APOS)), true);
}

