How to fix the MySQL error that occurs when a submitted PHP form contains single quotes

Source: Internet
Author: User

First look at the problem.

"INSERT INTO tg_article (
tg_username,
tg_type,
tg_title,
tg_content,
tg_date
)
VALUES (
'{$_clean['username']}',
'{$_clean['type']}',
'{$_clean['title']}',
'{$_clean['content']}',
NOW()
)
"

The problem appears when the submitted content itself contains a single quote. Each value already sits inside single quotes in the statement, so a quote in the data ends the string early and the statement is clearly wrong. This is a problem that comes up often in website development and is easy to overlook. Let's talk about how to solve it.


1. When magic_quotes_gpc=on:

We do not need to apply addslashes() and stripslashes() to string data going into and coming out of the database; the data will still be displayed normally.
If you do apply addslashes() to the input data in this case, you must use stripslashes() to remove the extra backslashes when outputting it.

2. When magic_quotes_gpc=off:

The input data must be processed with addslashes(), but stripslashes() is not needed to format the output, because addslashes() does not write the backslashes to the database; it only helps MySQL execute the SQL statement.

Create an escape function and escape the content

function _mysql_string($_string) {
    // GPC is assumed to be a constant holding the result of get_magic_quotes_gpc().
    // If magic quotes are on, the input is already escaped, so do not escape again; otherwise escape.
    // if (!GPC) {
    //     return @mysql_escape_string($_string);
    // } else {
    //     return $_string;
    // }
    if (!GPC) {
        if (is_array($_string)) {
            foreach ($_string as $_key => $_value) {
                // Recurse so that each element is escaped exactly once
                $_string[$_key] = _mysql_string($_value);
            }
        } else {
            $_string = @mysql_real_escape_string($_string);
        }
    }
    return $_string;
}

Accept the content

$_clean = array();
$_clean['username'] = $_COOKIE['username'];
$_clean['type'] = $_POST['type'];
$_clean['title'] = $_POST['title'];
$_clean['content'] = $_POST['content'];
// Keep the returned, escaped array; the function does not modify its argument in place
$_clean = _mysql_string($_clean);
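The same insert written with a PDO prepared statement, as an added example that is not part of the original page: magic_quotes_gpc was removed in PHP 5.4 and the mysql_* functions in PHP 7.0, so on current PHP bound parameters take the place of the escaping above. It assumes the pdo_sqlite extension and uses an in-memory SQLite database with constructed sample values so that it runs offline; CURRENT_TIMESTAMP stands in for NOW(), and the function names are hypothetical.

```php
<?php
// Added example. SQLite in memory stands in for MySQL (assumption) so the script
// runs offline; for MySQL only the DSN passed to PDO changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tg_article (tg_username TEXT, tg_type TEXT, '
    . 'tg_title TEXT, tg_content TEXT, tg_date TEXT)');

// Constructed sample input standing in for the $_COOKIE / $_POST values.
$_clean = [
    'username' => "o'brien",
    'type'     => '1',
    'title'    => "It's a test",
    'content'  => "She said 'hello' and typed a \\ backslash",
];

// The page's query with no escaping: a quote in the data ends the string literal
// early, so the statement no longer parses. Returns false when that happens.
function insert_interpolated(PDO $pdo, array $c): bool {
    $sql = "INSERT INTO tg_article (tg_username, tg_type, tg_title, tg_content, tg_date) "
        . "VALUES ('{$c['username']}', '{$c['type']}', '{$c['title']}', '{$c['content']}', CURRENT_TIMESTAMP)";
    try {
        $pdo->exec($sql);
        return true;
    } catch (PDOException $e) {
        return false;
    }
}

// Prepared statement: values are bound as data and never parsed as SQL, so no
// addslashes()/stripslashes() is needed. Returns the stored row for comparison.
function insert_prepared(PDO $pdo, array $c): array {
    $stmt = $pdo->prepare(
        'INSERT INTO tg_article (tg_username, tg_type, tg_title, tg_content, tg_date) '
        . 'VALUES (:username, :type, :title, :content, CURRENT_TIMESTAMP)'
    );
    $stmt->execute([
        ':username' => $c['username'],
        ':type'     => $c['type'],
        ':title'    => $c['title'],
        ':content'  => $c['content'],
    ]);
    return $pdo->query('SELECT tg_title, tg_content FROM tg_article')->fetch(PDO::FETCH_ASSOC);
}

var_dump(insert_interpolated($pdo, $_clean));      // did the unescaped query run?
$row = insert_prepared($pdo, $_clean);
var_dump($row['tg_title'] === $_clean['title']);   // stored text equals the input?
var_dump($row['tg_content'] === $_clean['content']);
```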


