When users submit a form, some of them will enter special characters such as single or double quotes.
If such input is placed into the database statement directly as an ordinary string, the data may not be inserted correctly.
PDO::quote() can be used to escape single and double quotes in MySQL statements.
For security, PHP introduced the magic_quotes_gpc setting. When magic_quotes_gpc = on, you can put single quotes into the database without any processing; when it is off, you have to deal with single quotes yourself, rather than blindly trusting the operating environment.
When magic_quotes_gpc = on, data processed with addslashes() is stored in the database in the form \'. If you output it directly at this point, you will find an extra \ that you did not expect, so use stripslashes() to remove it (this differs from str_replace("\\", "", $Str)).
When magic_quotes_gpc = off, data processed with addslashes() is stored in the database in the form ', so the problem above does not occur. Here addslashes() only ensures that the data is inserted without error; if the data is output directly, it is normal, and there is no need to use stripslashes().
addslashes() and stripslashes() are exact opposites. An easy way to remember: addslashes() adds a \, stripslashes() removes a \.
So when do you use it?
Simply put:
When magic_quotes_gpc = on, the system automatically handles single quotes and similar characters, and no addslashes() or stripslashes() is needed; but if the data was added with addslashes(), then stripslashes() must be used when displaying it.
When magic_quotes_gpc = off, the system does not handle single quotes and similar characters, so you must use addslashes() when inserting data, and you do not need stripslashes() when displaying it.
Given this analysis, what should the program do? Based on the two cases above:
Regardless of whether magic_quotes_gpc is on or off, use addslashes() when adding data. When it is on, stripslashes() must be used when displaying the data; when it is off, stripslashes() must not be used.
How do you tell whether it is on or off? Use get_magic_quotes_gpc().
A final example:
// Submitting data, or preparing the variable:
$Content = addslashes("This is data, whether there is a single quote or a variable");
// Insert the data into the database (code omitted)
// Start displaying data
$Content = "Data read from the database";
// get_magic_quotes_gpc() was removed in PHP 8.0, so check that it exists first
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $Content = stripslashes($Content);
}
echo $Content;
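The following is an added example, not code from the original page. It shows in current PHP (where magic_quotes_gpc no longer exists) how PDO::quote() and a prepared statement store the submitted value unchanged, and how the double-escaping case described above stores extra backslashes. It assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of MySQL so that it runs offline; the posts table, the report() helper and the sample input are constructed for illustration.

```php
<?php
// Added example, not from the original page.
// Assumption: pdo_sqlite is installed; in-memory SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, how TEXT, content TEXT)');

// Constructed sample input with a single quote, double quotes and a backslash.
$input = 'It\'s a "quoted" value with a \\ backslash';

// 1. PDO::quote() escapes for the connected driver and adds the outer quotes.
$pdo->exec("INSERT INTO posts (how, content) VALUES ('quote', " . $pdo->quote($input) . ')');

// 2. A prepared statement keeps the value out of the SQL text entirely.
$insert = $pdo->prepare('INSERT INTO posts (how, content) VALUES (:how, :content)');
$insert->execute([':how' => 'prepared', ':content' => $input]);

// 3. The double-escaping case from the text: the value is escaped by the
//    layer below AND by addslashes(), so the backslashes end up stored.
$insert->execute([':how' => 'addslashes+prepared', ':content' => addslashes($input)]);

// Hypothetical helper: compare every stored row with the original input.
function report(PDO $pdo, string $input): array
{
    $results = [];
    foreach ($pdo->query('SELECT how, content FROM posts ORDER BY id') as $row) {
        $results[$row['how']] = [
            'stored'             => $row['content'],
            'matches_input'      => $row['content'] === $input,
            'needs_stripslashes' => $row['content'] !== $input
                && stripslashes($row['content']) === $input,
        ];
    }
    return $results;
}

foreach (report($pdo, $input) as $how => $r) {
    printf("%-20s stored: %s\n", $how, $r['stored']);
    printf("%-20s matches input: %s, needs stripslashes(): %s\n", '',
        var_export($r['matches_input'], true), var_export($r['needs_stripslashes'], true));
}
```

Only the third row needs stripslashes() on output; the first two come back identical to the input.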
MySQL escape character