When writing an English version of a website,Fill in English information after writing,I did n’t have any questions when I filled it in casually.But every time you fill in the specified content,No error is reported,I checked the database,Found that this field is using the "text" data number type,I thought it was too long.So I changed the data type to "longtext", but found the same problem when submitting.Let's introduce the addcslashes function to everyone!
Later I asked my colleagues,Colleagues found that there is a punctuation "" in English, and mysql automatically thinks that the statement ends after it is executed.That's why I can't add it.Now that you have identified the problem, you have to find the corresponding solution.That is to add the escape character "\" before the "" in the text content. Just as PHP provides the functions addcslashes and stripcslashes that automatically add or remove escape characters to the string, so after testing,Sure enough, the problem is solved!I'm not strictly forbidden when writing programs on weekdays,Always ignore the detailsIf these problems are found by a hacker plus one,The website is basically over, so everyone must be alert.Don't make the same mistake as me.
The following briefly introduces the usage of these two functions:
string addcslashes (string str, string charlist)
The first parameter str is the original character string
The second parameter, charlist, specifies which characters of the original string need to be preceded by the character "\".
string stripcslashes (string str)
Remove the "\" from the string.
In addition, using the addslashes function can also be directly escaped for "" ".
<?php $sql="update book set bookname =" let "s go" where bookid=1 "; echo $sql. "<br />"; $new_sql=addcslashes ($sql, "" "); echo $new_sql. "<br />"; $new_sql_01=stripcslashes ($new_sql); echo $new_sql_01. "<br />"; echo addslashes ($sql); ?>
The results are as follows:
update book set bookname="let" s go "where bookid=1 update book set bookname=\ "let \" s go \ "where bookid=1 update book set bookname="let" s go "where bookid=1 update book set bookname=\ "let \" s go \ "where bookid=1
- python 3x - typeerror: 'method' object is not subscriptable
- python - you may need to restart the kernel to use updated packages error
- xcode - pod install [!] no `podfile 'found in the project directory
- android studio - unresolved reference comes out in kotlin
- vuejs - [vuetify] unable to locate target [data-app] i want to unit test to avoid warning
- android studio - emulator: dsound: could not initialize about the error message directsoundcapture
- django - oserror: [winerror 123] the file name, directory name, or volume label syntax is incorrect : '<frozen importlib_boot
- mysql startup failed [error] innodb: the innodb_system data file 'ibdata1' must be writable
- python - importerror: cannot import name md5 error cannot be resolved