当magic_quotes_gpc=off
# 鬼仔注:文中有一个ECShop SQL injection 漏洞。
Pstzine0x03里”[0x06] 高级PHP代码审核技术”一文中关于 “5.3.6 变量key与魔术引号” 部分的php源代码分析
author: ryat#www.wolvez.org
team:http://www.80vul.com
date:2009-04-10
一、综述
magic_quotes_gpc是php中的一个安全选项,在php manual中对此有如下描述:
When on, all ‘ (single-quote), ” (double quote), \ (backslash) and NULL characters are escaped with a backslash automatically. This is identical to what addslashes() does
阅读全文 »
