Background processing
$name = addslashes($_POST['name']); // Escape single quotation marks
On insert, is it stored in the database with the escape symbol, or is the escape symbol removed?
If the escape symbol is stored in the database, there's a small problem.
If I want to check that the name is not a duplicate, I need to compare against $name,
still escaped: $name = addslashes($_POST['name']);
SELECT COUNT(*) AS num FROM talbe WHERE name = '$name'
num shows 0, which means no match was found.
Printing the SQL statement gives: SELECT COUNT(*) AS num FROM talbe WHERE name = 'this\'s a apple'
num has a value of zero, and I opened the database and found that the value of this field is This\'s a apple, so it's definitely not going to find it.
If I take $name and escape it again before searching, the value of $name is this\\\'s a apple, and it finds the record.
In other words, the addslashes function is applied two times.
How do you deal with such a problem? Wouldn't it be a lot of trouble if I had to use it two times?
------Solution--------------------
If php.ini has magic_quotes_gpc turned on, then COOKIE, POST and GET values have addslashes applied to them by default. For example, if the user submits Li'Lei, then what you get from $_POST['name'] is Li\'Lei, which is spliced directly into the SQL:
SELECT * FROM table WHERE name='Li\'Lei' and that is fine, no need to addslashes.
If you apply addslashes to it again, things go wrong, because \ also affects how MySQL parses the command, so addslashes escapes it as well, and the result really is abnormal:
addslashes("Li\'Lei"); generates Li\\\'Lei, which is built into the SQL:
SELECT * FROM table WHERE name='Li\\\'Lei', and what ends up stored is actually Li\'Lei, one backslash too many.
In addition, stripslashes is seldom used. Generally it is only needed when magic_quotes_gpc (GPC meaning GET, POST, COOKIE) is turned on by default in php.ini and we want to use the value that the user really submitted, such as Li'Lei. Then we need to do stripslashes($_POST['name']); the name here is Li\'Lei, which was automatically passed through addslashes, and after the strip it is Li'Lei.
If it is not stripped, then when it is output to the page, the user will see Li\'Lei.
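The double escaping described in the question and in the answer, as an added example that is not part of the original thread. `mysql_literal_value`, `raw_input_value` and `count_matches` are hypothetical helpers, the "table" is a PHP array standing in for MySQL, and the sample input is constructed.

```php
<?php
// Added example, not code from the thread. It runs without a database.

// Hypothetical model of how MySQL reads a quoted string literal in its default
// mode: the backslash is dropped and the character after it is kept. Only the
// \' \" \\ sequences that addslashes() produces for this sample are covered.
function mysql_literal_value(string $escaped): string
{
    return preg_replace('/\\\\(.)/s', '$1', $escaped);
}

// Hypothetical helper: recover what the user typed so that the application
// escapes exactly once, whether or not magic_quotes_gpc already escaped it.
function raw_input_value(string $fromRequest, bool $magicQuotesOn): string
{
    return $magicQuotesOn ? stripslashes($fromRequest) : $fromRequest;
}

// Count rows in the stand-in table whose name equals the value MySQL would
// read from the given escaped literal.
function count_matches(array $table, string $sqlLiteral): int
{
    $wanted = mysql_literal_value($sqlLiteral);
    return count(array_keys($table, $wanted, true));
}

$typed    = "This's a apple";       // constructed sample input
$fromPost = addslashes($typed);     // stands in for magic_quotes_gpc = On

// INSERT after a second addslashes(): the stored value keeps a backslash.
$table = [mysql_literal_value(addslashes($fromPost))];

// SELECT with the value escaped once finds nothing; escaped twice it matches.
$escapedOnce  = count_matches($table, $fromPost);
$escapedTwice = count_matches($table, addslashes($fromPost));

// Fix: strip the automatic escaping, then escape once for INSERT and SELECT.
$clean      = raw_input_value($fromPost, true);
$fixedTable = [mysql_literal_value(addslashes($clean))];
$fixedCount = count_matches($fixedTable, addslashes($clean));

printf("stored with double escaping: %s\n", $table[0]);
printf("lookup escaped once: %d, escaped twice: %d\n", $escapedOnce, $escapedTwice);
printf("stored after fix: %s, lookup: %d\n", $fixedTable[0], $fixedCount);
```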