When writing an English version of a website,Fill in English information after writing,I did n’t have any questions when I filled it in casually.But every time you fill in the specified content,No error is reported,I checked the database,Found that this field is using the "text" data number type,I thought it was too long.So I changed the data type to "longtext", but found the same problem when submitting.Let's introduce the addcslashes function to everyone!
Later I asked my colleagues,Colleagues found that there is a punctuation "" in English, and mysql automatically thinks that the statement ends after it is executed.That's why I can't add it.Now that you have identified the problem, you have to find the corresponding solution.That is to add the escape character "\" before the "" in the text content. Just as PHP provides the functions addcslashes and stripcslashes that automatically add or remove escape characters to the string, so after testing,Sure enough, the problem is solved!I'm not strictly forbidden when writing programs on weekdays,Always ignore the detailsIf these problems are found by a hacker plus one,The website is basically over, so everyone must be alert.Don't make the same mistake as me.
The following briefly introduces the usage of these two functions:
string addcslashes (string str, string charlist)
The first parameter str is the original character string
The second parameter, charlist, specifies which characters of the original string need to be preceded by the character "\".
string stripcslashes (string str)
Remove the "\" from the string.
In addition, using the addslashes function can also be directly escaped for "" ".
<?php $sql="update book set bookname =" let "s go" where bookid=1 "; echo $sql. "<br />"; $new_sql=addcslashes ($sql, "" "); echo $new_sql. "<br />"; $new_sql_01=stripcslashes ($new_sql); echo $new_sql_01. "<br />"; echo addslashes ($sql); ?>
The results are as follows:
update book set bookname="let" s go "where bookid=1 update book set bookname=\ "let \" s go \ "where bookid=1 update book set bookname="let" s go "where bookid=1 update book set bookname=\ "let \" s go \ "where bookid=1
- python - you may need to restart the kernel to use updated packages error
- php - coincheck api authentication doesn't work
- php - i would like to introduce the coincheck api so that i can make payments with bitcoin on my ec site
- [php] i want to get account information using coincheck api
- the emulator process for avd pixel_2_api_29 was killed occurred when the android studio emulator was started, so i would like to
- python 3x - typeerror: 'method' object is not subscriptable
- i want to call a child component method from a parent in vuejs
- xcode - pod install [!] no `podfile 'found in the project directory
- dart - flutter: the instance member'stars' can't be accessed in an initializer error