The character string has changed during transmission.

Source: Internet
Author: User
: This article mainly introduces the changes in the character string passing process. if you are interested in the PHP Tutorial, please refer to it. Description:

The frontend input content is :;? 9 W/U \ | "s6u |: M

However, when it is passed to the backend and then saved to the database, it becomes :;? 9 W/U | "s6u |: M

Why?

What's going on?

1: I found that it was correct before being inserted into the database.

2: Use the heidisql tool to change the value. The SQL statement displayed is:

  UPDATE`bitstorm_http_node`.`config_user_pwd`SET`Password`=';?9W/U\\|"s6u|:M'WHERE`Id`=14;

We found that before the insert operation, the program added the escape to the value to escape the special symbol '\'

Why does it escape? Is it because the single quotation marks and double quotation marks of strings are involved?

If the character is placed between single quotes, the vast majority of characters except single quotes will be interpreted as the same form as those written in code.

Strings placed between double quotation marks support insertion and replacement (the variables embedded in the string will be replaced with their content), and escape characters will also be replaced, such as replacing \ n with line breaks, replace \ t with tab and \ \\. Similarly, \ | it will be interpreted as |

If you place the SQL statement of the above PHP code in single quotes, it will be an invalid SQL statement:

Invalid query

Insert into 'bitstorm _ http_node '. 'config _ user_pwd '('id', 'domain _ name', 'username', 'password') VALUES (0, "mdc-mon-tg-zabvip01.ubisoft.onbe", "cheng. wang ",";? 9 W/U \ | "s6u |: M ");

Solution:

In PHP: not every piece of escaped data must beInsert dataLibrary, if all the data into PHP is escaped, it will have a certain impact on the execution efficiency of the program, it will produce performance problems.

It is more efficient to call escape functions (such as addslashes () at runtime.

So obviously, hereInsert dataWe need to escape the library, so you can manually escape the library by calling the addslashes () function where you need to escape.

$ Pwd = addslashes ($ pwd); // add this line of code and save it to the database. OK, solve the problem if ($ zabbixHelper = false) {return $ this-> returnError ("Invalid input: Can not login zabbix using this username and password. ");} $ SQL =" INSERT INTO 'bitstorm _ http_node '. 'config _ user_pwd '('id', 'domain _ name', 'username', 'password') VALUES (0 ,'". $ domainName. "','". $ username. "','". $ pwd. "');"; $ this-> callSqlQuery ($ SQL ));

Finally, in PHP, sometimes escape after json encoding:

$ Parameters = addslashes (json_encode ($ args ));

The above describes the changes in the character string transmission process, including the content of data insertion, hope to be helpful to friends who are interested in the PHP Tutorial.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.