About PHP filtering illegal characters
SQL statement check-in error, filter out the '% ', see online has this mysql_real_escape_string function, I use after return empty, do not know what reason? Are there any useful PHP filter character functions?
------Solution--------------------
Addcslashes
------Solution--------------------
Note that the difference is a C
Addcslashes
Use a backslash like C to escape characters in a string (PHP 4, PHP 5)
String addcslashes (String str, string charlist)
Describe
Returns a string that has a backslash in front of the character in the parameter charlist list. This function escapes \ n, \ r, and so on. As in C, the ASCII code below 32 and the word nonspacing above 126 are converted to octal notation.
Be careful when you choose to escape characters 0, a, B, F, N, R, T, and V, and they will be converted to \ \a, \b, \f, \ n, \ r, \ t, and \v. In PHP, only the (NULL), \ r (carriage return), \ n (newline) and \ t (delimiters) are predefined escape sequences, whereas in C, all the converted characters above are predefined escape sequences.
Charlist parameters, such as "\0..\37", will escape all ASCII codes between 0 and 37 characters.
Using a backslash reference string (PHP 3, PHP 4, PHP 5)
String addslashes (String str)
Describe
Returns a string that is preceded by a backslash in order for the database query statement to be preceded by some characters. These characters are single quotes ('), double quotation marks ("), backslashes (\), and NUL (the NULL character).
An example of using addslashes () is when you want to enter data into the database. For example, the name O ' Reilly is inserted into the database, which needs to be escaped. Most databases use \ as escape character: O\ ' Reilly. This allows the data to be placed in the database without inserting additional \. When PHP instruction Magic_quotes_sybase is set to ON, it means that the insert ' will be used ' to escape.
By default, PHP instruction MAGIC_QUOTES_GPC is on, and it is primarily for all GET, POST, and COOKIE data automatically run Addslashes (). Do not use Addslashes () for strings that have been MAGIC_QUOTES_GPC escaped, because this results in double-layer escaping. You can use the function GET_MAGIC_QUOTES_GPC () to detect this situation.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
