The difference between PHP stripslashes and addslashes _php skills

When we write data to MySQL, for example:

Copy Code code as follows:

mysql_query ("Update table set ' title ' = ' Kuhanzhu ' blog '");

That's going to go wrong. As with ASP, the database is allergic to single quotes. And addslashes at this time the longest face, and ASP's replace ("'", "" "," Kuhanzhu ' s Blog ") function the same.

PHP for security, so introduced a MAGIC_QUOTES_GPC = on function, you can not do any processing can directly insert single quotes into the database, then for off, you need to consider the problem of single quotes, rather than blindly trust the running environment.

When MAGIC_QUOTES_GPC = on, using the addslashes () processed data in the database will be saved in the form, if the direct output at this time, you will find more than you expect the content of a \, so Stripslashes () out, it can be removed (different from str_replace ("\", "", $Str)).

When MAGIC_QUOTES_GPC = off, the use of addslashes () processed data in the database will be ' form, without the above mentioned problem, addslashes () to insert data error-free role, If the direct output at this point, the data is normal. No need to use stripslashes ().

Addslashes () and stripslashes () are exactly the opposite, Direct Memory: addslashes () Add a \,stripslashes () to a

So when do you use it?

Simply put:

When MAGIC_QUOTES_GPC = ON, the system automatically handles issues such as single quotes without addslashes () and stripslashes (), but if you add data with addslashes (), Then the data must be displayed stripslashes ()

When MAGIC_QUOTES_GPC = off, problems such as single quotes are not processed, so you must use Addslashes () when you insert data, and you do not need to use stripslashes () when displaying the data.

Now that you have an analysis, what do you do when you do the procedure? According to the above two situations, you can get:

Regardless of whether MAGIC_QUOTES_GPC is on or off, I use addslashes () when I add the data, and when on, you must use Stripslashes (), and when on, you cannot use Stripslashes ().

How do I determine on or off? Use GET_MAGIC_QUOTES_GPC ().

Last Example:

Copy Code code as follows:

Code
Submit data, or variable preparation:
$Content =addslashes ("Here is the data, whether there is a single quotation mark or a variable");
Inserting data into a database, omitting code
Start displaying data
$Content = "Data read from a database";
if (GET_MAGIC_QUOTES_GPC ()) {
$Content =stripslashes ($Content);
}
Echo $Content;