On the function parsing of addcslashes and stripcslashes in PHP

This article mainly introduces the usage of addcslashes and stripcslashes functions in PHP, and analyzes the method of addcslashes function to add the escape processing for fixed characters and stripcslashes to restore operation with the example form. A friend you need can refer to the following

This paper analyzes the usage of addcslashes and stripcslashes functions in PHP. Share to everyone for your reference, as follows:

When writing the English version of a website, after writing to fill in the English material, I casually fill in a little problem, but whenever fill in the specified content is not filled, nor error, I looked at the database, found that the field is "TEXT" data number type, I think the content is too long reason, so I changed the data type to " Longtext ", but the same problem was found at the time of submission. Let us introduce you to the Addcslashes function now!

Later consulted colleagues, colleagues found in the English with punctuation "'" reason, MySQL execution here automatically think the statement ended, so it is not filled. Now that we find out the problem, we need to find the solution, that is, in the text content of "'" before all add the escape character "\", just in PHP provides automatically in the string to add or remove the escape character of the function addcslashes and stripcslashes, and then add the test, Sure enough, solve the problem! This shows that I usually write the program is not strictly forbidden, will always ignore the details of such problems, if the hacker found these problems plus a use, the site basically over, so we must warning, do not and I make the same mistake oh.

The following is a brief introduction to the use of these two functions:

String Addcslashes (String str,string charlist)

1th parameter str is the original string to be lost

The 2nd parameter, charlist, shows which characters in the original string need to be preceded by a character "\".

String stripcslashes (String str)

Remove the "\" from the string.

In addition, the Addslashes function can also be used to escape directly for "'".

Examples are as follows:

<?php$sql = "Update book set Bookname= ' Let ' s go ' where bookid=1"; echo $sql. " <br/> "; $new _sql = addcslashes ($sql, "'"); echo $new _sql. " <br/> "; $new _sql_01 = stripcslashes ($new _sql); echo $new _sql_01. " <br/> "; echo addslashes ($sql);? >

The results of the operation are as follows:

Update book set Bookname= ' Let's Go ' where Bookid=1update book set bookname=\ ' let\ ' s go\ ' where bookid=1update book set Boo Kname= ' Let's Go ' where Bookid=1update book set bookname=\ ' let\ ' s go\ ' where bookid=1

The above is the whole content of this article, I hope that everyone's learning has helped, more relevant content please pay attention to topic.alibabacloud.com!