question:
When we write data to mysql, if there are special characters in the data, the data will not be stored normally, such as:
|
1
|
mysql_query(”update table set `name`=
'make'
s'”);
|
At this time, addslashes()this function is generally used to escape special characters in the data
Approach
For the sake of security, PHP has introduced a magic_quotes_gpc = Onfunction that can directly insert single quotation marks into the database without any processing. Then, for Off, you need to consider the problem of single quotation marks, instead of blindly trusting the running environment.
At that timemagic_quotes_gpc = On , the addslashes()processed data will be saved in the form of \' in the database. If you output it directly at this time, you will find that there are more \'s than what you expected, so when you come stripslashes()out, it can remove \ (the difference is at str_replace(”\”, “”,$Str)).
At that timemagic_quotes_gpc = Off , the addslashes()processed data will be saved in the database in the form of ', there is no problem with \ mentioned above, and it will addslashes()play a role in inserting data without error. If it is directly output at this time, the data will be normal. No need to use again stripslashes() .
addslashes()It's the stripslashes()exact opposite, directly memorize: addslashes()add a \, stripslashes()go to a \
So when should it be used?
simply say:
At that timemagic_quotes_gpc = On , the system would automatically deal with issues such as single quotation marks. It does n't matter if you use it addslashes()or stripslashes()not, but if you use it when adding data, addslashes() you must use it when displaying the data.stripslashes()
At that timemagic_quotes_gpc = Off , the system did not deal with issues such as single quotes, so it was necessary to use it when inserting data addslashes() , but not when displaying data stripslashes() .
Now that we have analysis, what should we do when we do programming? According to the above two situations, we can get:
不管magic_quotes_gpc是On还是Off,咱添加数据时都用addslashes() ,当On时,必须使用stripslashes(),Off时则不能用stripslashes() 。
php判断是否开启get_magic_quotes_gpc
$str = (!get_magic_quotes_gpc()) ? addslashes($str) : $str;