PHP implementation of code to handle input escape characters, PHP escape character code _php tutorial

Source: Internet
Author: User

PHP implements the code that handles the input escape character, the PHP escape character code


First, a function is recently introduced in WordPress 3.6
/** * Add slashes to a string or array of strings. * * This should is used when the preparing data for core API is expects slashed data. * This should is used to escape data going directly into an SQL query. * * @since 3.6.0 * * @param string|array $value string or array of strings to slash.  * @return String|array slashed $value */function Wp_slash ($value) {    if (Is_array ($value)) {        foreach ($value  as $k = = $v) {            if (Is_array ($v)) {                $value [$k] = Wp_slash ($v);            } else {                $value [$k] = Addslashes ( $v);}}}    else {        $value = addslashes ($value);    }     return $value;}

1 PHP built-in functions are described first: GET_MAGIC_QUOTES_GPC ()

The function is to get the value of the MAGIC_QUOTES_GPC option in the php.ini setting.
The MAGIC_QUOTES_GPC option, if the value is on,php, automatically increases the escape character "\" for post, get, and cookie data, to ensure that the data does not cause a program, especially a fatal error caused by a special character in the database statement.

When on, characters such as single quotation marks ('), double quotation marks ("), backslashes (\) and NUL (NULL characters) are added as backslashes, otherwise they need to be handled manually, and addslashes () is used.
Returns 1 if the MAGIC_QUOTES_GPC value is on, otherwise returns 0
The Addslashes () function adds a backslash before the specified predefined character. The characters listed above

However, the GET_MAGIC_QUOTES_GPC () built-in function is canceled above PHP5.4, so that all inputs are filtered in order to avoid future errors:

if (!function_exists (GET_MAGIC_QUOTES_GPC) | |!GET_MAGIC_QUOTES_GPC ())) {   foreach (Array (' _cookie ', ' _post ', ' _ GET ') as $v) {     foreach ($ $v as $kk = + $vv) {       $kk {0}! = ' _ ' && $ $v [$KK] = addslashes ($VV);     }   

When working with MySQL and get, post data, it is often necessary to escape the quotation marks of the data.
There are three settings in PHP that can be implemented automatically for ' (single quotes), "(double quotes), \ (backslash), and NULL characters to go.
PHP is called Magic quotes, and these three settings are

Magic_quotes_gpc

Affects HTTP request data (Get,post and cookies). Cannot be changed at run time. The default value in PHP is on.

When this is turned on, the data passed through the Get,post,cookie is automatically escaped.

such as Test.php?id=abc ' de ' F
echo $_get[' id ']; # will get abc\ ' de\ ' F
Magic_quotes_gpc=on; This is turned on, there is no effect on writing to the database, such as the above $_get[' id ' write to the database, is still the ABC ' de ' F,

Conversely, if magic_quotes_gpc=off; If the character is enclosed in quotation marks (either single or double quotes), the direct write to MySQL will become blank.
But if you write it to a document, not MySQL. Then it will be abc\ ' de\ ' F

Magic_quotes_runtime

If open, most of the functions that get data from external sources and return the data, including from the database and text files, are escaped by backslashes. This option can be changed at run time, and the default value in PHP is off.

Magic_quotes_sybase

If turned on, single quotes are escaped using single quotes instead of backslashes. This option will completely overwrite the MAGIC_QUOTES_GPC. If you open two options at the same time, the single quotes will be escaped as ". Double quotes, backslashes, and NULL characters are not escaped.

My form content would have been:

Countermeasure One: Modify the php.ini file (Modify the PHP.ini this method will not say, you can Google)

Countermeasure two: To cancel the escape.

The first step: Find the data you submitted, such as $_post[' content ', and change it to $content=stripslashes ($_post[' content ');

The second step: later in the use of $post[' content ' place are replaced with $content

The third step: Submit to the database, the database is stored or normal: read it and become

(This should know how to solve it?) Why don't I just go over it?

Fourth Step: Filter the contents of the database read by Stripslashes ().

Stripslashes () This function deletes the backslash added by the addslashes () function. Used to clean up data retrieved from a database or HTML form

If you do not want the following to occur in the PHP page:
Single quotes are escaped as \ '
Double quotation marks are escaped as \ "
You can then set the following to prevent:
Set in php.ini: MAGIC_QUOTES_GPC = Off)

Summarized as follows:

1. In the case of Magic_quotes_gpc=on ,

We can not make the string data of the input and output database
Addslashes () and Stripslashes (), the data will also be displayed normally.

If you do a addslashes () processing of the input data at this time,
Then you must use Stripslashes () to remove the extra backslash when outputting.

2. In the case of Magic_quotes_gpc=off

The input data must be processed using addslashes (), but does not require the use of stripslashes () to format the output
Because Addslashes () did not write the backslash to the database, it only helped MySQL complete the execution of the SQL statement.

http://www.bkjia.com/PHPjc/1069354.html www.bkjia.com true http://www.bkjia.com/PHPjc/1069354.html techarticle PHP Implementation of the code to handle the input escape characters, the PHP escape character code First function, is the most recent WordPress 3.6 has just introduced the/** * Add slashes to a string or array of strings.

  • Related Article

    Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.