Translation and Dictionary
Magic quotes : English Wikipedia edition

Magic quotes is a controversial feature of the PHP scripting language, wherein strings are automatically escaped (special characters are prefixed with a backslash) before being passed on. It was introduced to help newcomers write functioning SQL commands without requiring manual escaping. It was later described, and widely misinterpreted, as intended to prevent inexperienced developers from writing code that was vulnerable to SQL injection attacks. This feature was officially deprecated as of PHP 5.3.0 and removed in PHP 5.4, due to security concerns.

== Concept ==

The current revision of the PHP manual mentions that the rationale behind magic quotes was to "help () code written by beginners from being dangerous."〔Cited site: "PHP:Why use magic quotes?"〕 It was, however, originally introduced in PHP 2 as a php.h compile-time setting for msql, only escaping single quotes, "making it easier to pass form data directly to msql queries".〔Cited site: "If the MAGIC_QUOTES variable is defined in the php.h file then these quotes will be automatically escaped making it easier to pass form data directly to msql queries."〕 It was originally intended as a "convenience feature, not as () security feature."〔Cited site: "Re: () what are magic_quotes?"〕

The scope of magic quotes was expanded in PHP 3. Single quotes, double quotes, backslashes and null characters in all user-supplied data have a backslash prepended to them before being passed to the script in the $_GET, $_REQUEST, $_POST and $_COOKIE global variables. Developers can then, in theory, use string concatenation to construct safe SQL queries with data provided by the user. (This was most accurate when PHP 2 and PHP 3 were current, since the primary supported databases allowed only 1-byte character sets.)
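The sketch below is an added example, not code from PHP or from the article: a Python emulation of the byte-wise escaping described above, used to check why the approach only held for 1-byte character sets. The function names, the sample inputs and the choice of GBK as the multi-byte charset are assumptions made for illustration.

```python
# Bytes that get a backslash prepended, per the description above:
# single quote, double quote, backslash and NUL.
ESCAPED = b"'\"\\\x00"


def magic_quote(raw: bytes) -> bytes:
    """Emulate the escaping byte by byte, with no knowledge of the charset."""
    out = bytearray()
    for b in raw:
        if b in ESCAPED:
            out.append(0x5C)  # backslash
        out.append(b)
    return bytes(out)


def live_quotes(escaped: bytes, charset: str) -> int:
    """Count quote characters that are still unescaped once the bytes are
    decoded in the charset the database uses to parse the query."""
    text = escaped.decode(charset)
    live, i = 0, 0
    while i < len(text):
        if text[i] == "\\":
            i += 2  # a backslash consumes the character it escapes
            continue
        if text[i] in "'\"":
            live += 1
        i += 1
    return live


def audit(raw: bytes, charsets=("latin-1", "gbk")) -> dict:
    """Escape once, then report live quotes per database charset."""
    escaped = magic_quote(raw)
    return {cs: live_quotes(escaped, cs) for cs in charsets}


# Constructed sample inputs (not taken from the article).
ASCII_NAME = b"O'Brien"
MULTIBYTE_VALUE = b"\xbf'"  # 0xBF is a valid GBK lead byte

if __name__ == "__main__":
    for sample in (ASCII_NAME, MULTIBYTE_VALUE):
        print(sample, magic_quote(sample), audit(sample))
```

In the second sample the inserted backslash (0x5C) is read by a GBK parser as the trail byte of a two-byte character, so the quote that follows is no longer escaped; in a 1-byte charset the same bytes stay escaped.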
Excerpt source: Wikipedia, the free encyclopedia.