MySQL Escape character issue

Source: Internet
Author: User
Tags php language

First, we need to know that the database is made up of tables, when you insert data into one of the tables, such as numbers, words, etc.
Insertion can be inserted normally, but once you insert special characters, such as inserting the contents of the parentheses below ("ABC") into the table. Such as
Without the quotation marks, ABC is able to insert, but with double quotation marks, when inserted into the table, the database will assume that the double quotation marks are in the PHP language
The special character of the face, then this pair of double quotes will not be inserted into the table, this time only by escaping, let the database put this pair of double quotes and ABC three words
The same character. Then it can be plugged in.

The essence of escaping the characters inserted into MySQL is to insert the special word such as ("," ", \, null) in PHP into the database.

PHP addcslashes () function
Definition and usage
The Addcslashes () function adds a backslash before the specified character.
Grammar
Addcslashes (string,characters) parameter description
string is required. Specifies the string to check.
Characters is optional. Specifies the range of characters or characters affected by addcslashes ().
Hints and Notes
Note: Be careful when applying addcslashes () to 0,r,n and T. In PHP, \0,\r,\n and \ t are pre-defined escape sequences.
Instance
Example 1
In this case, we're going to add a backslash to a specific character in the string:
<?php
$str = "Hello, my name is John Adams.";
Echo $str;
Echo addcslashes ($str, ' m ');
Echo addcslashes ($str, ' J ');
?>
Output:
Hello, my name is John Adams.
Hello, \my Na\me is John Ada\ms.
Hello, my name is \john Adams.

and the use of function addslashes ():
PHP addslashes () function
Definition and usage
the Addslashes () function adds a backslash before the specified predefined character.
These predefined characters are:
? single quotation mark (')
? double quotation marks (")
? back slash (\)
? Null
Grammar
Addslashes (String) parameter description
string is required. Specifies the string to check.
Hints and notes
Tip: This function can be used to prepare the appropriate string for strings stored in the database and for database query statements.
Note: By default, PHP instruction MAGIC_QUOTES_GPC is on, and automatically runs Addslashes () for all GET, POST, and COOKIE data. Do not use Addslashes () for strings that have been MAGIC_QUOTES_GPC escaped, because this results in double-layer escaping. You can use the function GET_MAGIC_QUOTES_GPC () to detect this situation.
Example
In this case, we're going to add a backslash to the predefined characters in the string:
<?php
$str = "Who ' s John Adams?";
Echo $str. "This isn't safe in a database query.<br/>";
echo addslashes ($STR). "This is safe in a database query.";
?>
output:
Who ' s John Adams? This is the not safe in a database query.
Who\ ' s John Adams? This is safe in a database query. They all have a corresponding way to remove the backslash that they added, respectively: Stripcslashes () and Stripslashes ().

The escape character of MySQL "\"
MySQL recognizes the following escape characters:

/
An ASCII 0 (NUL) character.
\ n
A new line character.
\ t
A locator character.
\ r
A carriage return character.
\b
A backspace.
\‘
A single quotation mark ("'") character.
\  "
A double quotation mark ("" ") character.
\\
A backslash ("\") character.
\%
A "%" character. It is used to search for "%" text instances in the body, otherwise "%" here will be interpreted as a wildcard character.
\_ a "_" character. It is used to search the text instance of "_" in the body, otherwise "_" here will be interpreted as a wildcard character.
Note that if you use "\%" or "\%_" in some body environments, these will return the string "\%" and "\_" instead of "%" and "_".


There are several ways to include quotation marks within a string:
1. Must be escaped:
a string is quoted as a single quotation mark "'", and the single quote "'" character in the string can be escaped with "'".
A string is referenced by a double quotation mark "", and the "" "character in the string can be escaped by means of" "".
You can also continue to use an escape character "\" to escape
2, do not escape:
A string is referenced by a double quotation mark "", and the single quotation mark "'" in the string does not need to be treated in a special way and is not duplicated or escaped. Similarly, a string is referenced by a single quotation mark "'", and the double quotation mark "" "in the string does not need to be treated in a special way and is not duplicated or escaped.

MySQL Escape character issue

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.