Detailed analysis of phpaddslashes functions. Syntax: stringaddslashes (stringstr); content description this function adds a diagonal line to the quotation marks in the strings to be processed by the database, so that the database query can operate smoothly. This syntax: string addslashes (string str );
Description
This function adds a diagonal line to the quotation mark of the string to be processed by the database for smooth operation of the database query. The modified characters include single quotation marks ('), double quotation marks ("), backslash (\), and null character NUL (the null byte ).
========================================================== ======================================
1. the expression of addslashes in form submission.
The value of get_magic_quotes_gpc () must be 1. At this time A slash is automatically added to the submitted content.
For example, input 'to \', "to \", \ \\
Example:
PHP code:
The code is as follows:
Test
Echo get_magic_quotes_gpc ().
"A". $ _ POST ['message'].
"B". stripslashes ($ _ POST ['message']);
?>
Input: include ('/home/me/myfile ');
Output: 1 A include (\ '/home/me/myfile \'); B include ('/home/me/myfile ');
Conclusion: If get_magic_quotes_gpc () is equal to 1, if you do not enter the database, you will get a diagonal line.
2. performance of addslashes when submitting the input database.
Example:
PHP code:
The code is as follows:
Test
Require_once ('Des/common. php ');
$ Db-> query ("insert into 'testtable' (id, content) VALUES ('1 ','". $ _ POST ['message']. "')");
$ Query = $ db-> query ("select * from 'testtable' where 'id' = 1 ;");
$ Result = $ db-> fetch_array ($ query );
Echo get_magic_quotes_gpc ().
"A". $ _ POST ['message'].
"B". $ Result ['content'];
?>
Input: include ('/home/me/myfile ');
Output: 1 A include (\ '/home/me/myfile \'); B include ('/home/me/myfile ');
Conclusion: If get_magic_quotes_gpc () is equal to 1, you can obtain the input string without making any changes when the input database is directly read from the database.
3, get_magic_quotes_gpc ()
Get_magic_quotes_gpc () is set on the server and cannot be modified by runtime. that is to say, you must consider different situations in your webpage code in advance. otherwise, when you submit data, you do not know whether the server adds a diagonal line to you. The following two popular functions may be needed by everyone. I personally like the second one:
PHP code:
The code is as follows:
Function my_addslashes ($ message ){
If (get_magic_quotes_gpc () = 1 ){
Return $ message;
} Else {
If (is_array ($ message) = true ){
While (list ($ key, $ value) = each ($ message )){
$ Message [$ key] = my_addslashes ($ value );
}
Return $ message;
} Else {
Return addslashes ($ message );
}
}
}
PHP code:
The code is as follows:
Function my_addslashes ($ data ){
If (! Get_magic_quotes_gpc ()){
Return is_array ($ data )? Array_map ('addslashes ', $ data): AddSlashes ($ data );
} Else {
Return $ data;
}
}
The simple explanation is that if get_magic_quotes_gpc () is equal to 1 (the server is set to 1 by default), our strings can be directly stored in the database without modification. Otherwise, we will use the addslashes function.
Optional string addslashes (string str); content description this function adds a diagonal line to the quotation marks in the string to be processed by the database, so that the database query can operate smoothly. This...
