Addcslashes and stripcslashes function usage analysis _php techniques in PHP

This paper analyzes the usage of addcslashes and stripcslashes functions in PHP. Share to everyone for your reference, specific as follows:

In the English version of a website, after writing and filling in English information, I casually fill out a little problem no, but when filling in the specified content is not added, also do not complain, I looked at the database, found that this field is "TEXT" data type, I thought it was too long the reason for the content, so I changed the data type to " Longtext ", but the same problem was found at the time of submission. Now let's introduce you to the Addcslashes function!

Later consult colleagues, colleagues found in English with punctuation "'" reason, MySQL execution to here automatically think that the statement end, so just fill in add not. Now that we've found out the problem, we have to find a solution, which is to add the escape character "\" to the "'" in the text, just in case PHP provides the function addcslashes and stripcslashes that automatically adds or removes the escape characters in the string, and then after the test, Sure enough to solve the problem! Thus, I usually write the procedure is not strictly prohibited, will always ignore the details of such a problem, if the hacker found these problems add a use, the site is basically over, so we must take warning, do not make the same mistake with me.

The following is a brief introduction to the use of these two functions:

String Addcslashes (String str,string charlist)

The 1th parameter str is the original string for the Lost property

The 2nd parameter charlist describes which characters in the original string need to be preceded by the character "\".

String stripcslashes (String str)

Remove "\" from the string.

Also, you can use the Addslashes function to escape processing directly for "'".

Examples are as follows:

<?php
$sql = "Update book set Bookname= ' Let's Go ' where bookid=1";
 echo $sql. " <br/> ";
 $new _sql = addcslashes ($sql, "'");
 echo $new _sql. " <br/> ";
 $new _sql_01 = stripcslashes ($new _sql);
 echo $new _sql_01. " <br/> ";
 echo addslashes ($sql);
? >

The results of the operation are as follows:

Update book set Bookname= ' Let's Go ' where bookid=1
update book set bookname=\ ' let\ ' go\ ' where bookid=1
update Book set Bookname= ' Let's Go ' where bookid=1 the
update book set bookname=\ ' let\ ' go\ ' where bookid=1

I hope this article will help you with the PHP program design.