Usage analysis of the addcslashes and stripcslashes functions in PHP

Source: Internet
Author: User

This article analyzes the usage of the addcslashes and stripcslashes functions in PHP. It is shared here for your reference; the details are as follows:

On the English version of a website, I was writing and filling in English information. When I casually filled in a little content there was no problem, but when I filled in the specified content it was not added, and no error was reported either. I looked at the database and found that this field was of the "TEXT" data type. I thought the cause was that the content was too long, so I changed the data type to "LONGTEXT", but the same problem occurred on submission. Now let's introduce the addcslashes function!

Later I consulted a colleague, who found that the cause was the punctuation mark "'" in the English text: when MySQL executes the statement and reaches this character, it automatically assumes the statement has ended, so the content could not be added. Now that we had found the problem, we had to find a solution, which is to add the escape character "\" before the "'" in the text. As it happens, PHP provides the functions addcslashes and stripcslashes, which automatically add or remove the escape characters in a string, and after testing, sure enough, this solved the problem! This shows that the code I usually write is not rigorous and that I tend to overlook details like this. If a hacker found such problems and exploited them, the site would basically be finished, so we must take this as a warning: do not make the same mistake I did.

The following is a brief introduction to the use of these two functions:

string addcslashes(string str, string charlist)

The 1st parameter, str, is the original string to be processed.

The 2nd parameter, charlist, specifies which characters in the original string are to be preceded by the character "\".

string stripcslashes(string str)

Removes the "\" characters from the string.

Also, you can use the addslashes function to escape "'" directly.

Examples are as follows:

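<?php
// SQL statement whose string value contains an unescaped single quote
$sql = "Update book set Bookname='Let's Go' where bookid=1";
echo $sql . "<br/>";
// Put "\" in front of every "'" in the string
$new_sql = addcslashes($sql, "'");
echo $new_sql . "<br/>";
// Remove the "\" characters again
$new_sql_01 = stripcslashes($new_sql);
echo $new_sql_01 . "<br/>";
// addslashes escapes "'" directly (and also '"', "\" and the NUL byte)
echo addslashes($sql);
?>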

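The results of the operation are as follows. The example passes the whole statement to the functions to show their effect, so the quotes that delimit the value are escaped as well; in an application only the value itself would be escaped before it is placed into the statement.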

Update book set Bookname='Let's Go' where bookid=1
Update book set Bookname=\'Let\'s Go\' where bookid=1
Update book set Bookname='Let's Go' where bookid=1
Update book set Bookname=\'Let\'s Go\' where bookid=1
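
The kind of mistake described above is usually prevented with prepared statements rather than manual escaping. The following is an added example, not code from the original article, that reproduces the apostrophe failure and then performs the same update with bound parameters. It assumes PDO with the pdo_sqlite extension and uses an in-memory SQLite table named book as a stand-in for the article's MySQL database; the function names are hypothetical.

```php
<?php
// Added example: SQLite in memory stands in for the article's MySQL database
// so the script runs offline (assumes the pdo_sqlite extension is enabled).
$pdo = new PDO('sqlite::memory:');
// Report SQL errors as exceptions instead of failing without a message.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE book (bookid INTEGER PRIMARY KEY, bookname TEXT)");
$pdo->exec("INSERT INTO book (bookid, bookname) VALUES (1, 'placeholder')");

$title = "Let's Go";   // constructed sample value containing an apostrophe

// 1) Statement built by concatenation, as in the article: the apostrophe in
//    the value closes the string literal early and the statement is rejected.
function updateByConcatenation(PDO $pdo, string $title, int $id): string
{
    try {
        $pdo->exec("UPDATE book SET bookname='" . $title . "' WHERE bookid=" . $id);
        return "ok";
    } catch (PDOException $e) {
        return "rejected: " . $e->getMessage();
    }
}

// 2) Prepared statement: the SQL text is fixed and the value is sent as a
//    bound parameter, so no escaping or unescaping is needed.
function updateByPreparedStatement(PDO $pdo, string $title, int $id): int
{
    $stmt = $pdo->prepare("UPDATE book SET bookname = :name WHERE bookid = :id");
    $stmt->execute([':name' => $title, ':id' => $id]);
    return $stmt->rowCount();
}

echo updateByConcatenation($pdo, $title, 1), PHP_EOL;
echo "rows updated: ", updateByPreparedStatement($pdo, $title, 1), PHP_EOL;

// Compare the stored title with the one that was entered.
$stored = $pdo->query("SELECT bookname FROM book WHERE bookid = 1")->fetchColumn();
var_dump($stored === $title);
```

With exception mode enabled, the rejected statement produces a visible error instead of the silent failure described at the start of the article.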

I hope this article will help you with the PHP program design.
