
When writing an English version of a website, I filled in the English information after writing the pages. I didn't have any problems when I filled it in casually. But every time I filled in the specified content, no error was reported. I checked the database and found that this field was using the "text" data type. I thought the content was too long, so I changed the data type to "longtext", but found the same problem when submitting. Let me introduce the addcslashes function to everyone!

Later I asked my colleagues. A colleague found that the English text contains the punctuation mark "'", and MySQL automatically treats the statement as ended after it. That's why I couldn't add it. Now that the problem is identified, the corresponding solution has to be found: add the escape character "\" before the "'" in the text content. PHP happens to provide the functions addcslashes and stripcslashes, which add or remove escape characters in a string, so after testing, sure enough, the problem was solved! I am not rigorous enough when writing programs on ordinary days and always ignore the details. If these problems are found by a hacker, the website is basically over, so everyone must be alert. Don't make the same mistake as me.

The following briefly introduces the usage of these two functions:

string addcslashes (string str, string charlist)

The first parameter str is the original character string

The second parameter, charlist, specifies which characters of the original string need to be preceded by the character "\".

string stripcslashes (string str)

Remove the "\" from the string.

In addition, the addslashes function can also be used to escape "'" directly.

Examples are:

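<?php
// A statement whose value contains an apostrophe
$sql = "update book set bookname='let's go' where bookid=1";
echo $sql . "<br />";
// Put a backslash in front of every "'" in the string
$new_sql = addcslashes($sql, "'");
echo $new_sql . "<br />";
// stripcslashes() removes the backslashes again
$new_sql_01 = stripcslashes($new_sql);
echo $new_sql_01 . "<br />";
// addslashes() escapes "'" without needing a character list
echo addslashes($sql);
?>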

The results are as follows:

update book set bookname='let's go' where bookid=1
update book set bookname=\'let\'s go\' where bookid=1
update book set bookname='let's go' where bookid=1
update book set bookname=\'let\'s go\' where bookid=1