Special character handling between PHP, HTML, JavaScript, MySQL

Source: Internet
Author: User
Tags php and mysql php regular expression

Special characters are characters that carry a special control meaning in a program; nearly every programming language uses them.
Most of them derive from traditional C, and each language adds its own extensions to meet its programming needs.

Each language's own escaping handles that language's needs; the problems are concentrated in the differences between the escaping strategies of different languages. Single quotes (') and double quotes (") cause some trouble in almost every language.

In PHP, characters are escaped with a backslash (\). The function used when interacting with the database is:

    addslashes($str);

This function returns a new, escaped string, which should be kept in mind when using it.
For example, $str = '"" "" "" ""'; parses without a problem, but the output will be problematic.

    htmlspecialchars($str);

This converts characters that have a special meaning in HTML at output time.

    stripslashes($str);

This removes the escaping backslashes (\) at output time.

In JavaScript, a backslash (\) is also used to escape special characters.
The characters #, ?, = and & cannot be used directly in a query because they are the characters that URL parameter passing (GET mode) uses to join parameters; using them directly garbles the parameters that are passed. The solution is:
On the front end, wrap each string parameter in JavaScript's built-in URL-encoding function, which converts the special characters in the parameter to their corresponding Unicode encoding. PHP takes the parameter without extra processing and can directly display the special characters that the encoding represents.

The backslash (\) needs special attention between PHP and MySQL. The backslash is the general-purpose escape symbol, so to match a backslash character ('\') in a string, in principle only 2 backslashes (\\) are required. When PHP and MySQL together match a backslash, however, 3 or 4 backslashes (\\\\) are needed to match 1 backslash (\) in a string. To replace 1 backslash in a string with 4 backslashes (\\\\), so that the SQL statement matches records whose field contains 1 backslash (\), use the following conversions:

= ("/\\\\/", "\\\\\\\\\\\\\\\\", );  = ("/'/", "" ",);  = ("/_/", "' _",); = ("/%/", "'%",);

This makes the match in the database behave correctly. Afterwards, to echo $str back, apply the corresponding reverse processing:

    =  ("/\\\\\\\\\\\\\\\\/",  "\\\\", );   =  ("/"/", " ' ",  );   =  ("/' _/",  "_", );   =  ("/'%/",  "%", );    =  (); 

This satisfies the query-processing requirements for special characters.
The special characters in SQL are the underscore (_), the percent sign (%), and the single quote (').

1) PHP (\) escape character problem

The backslash has a special meaning in SQL: three backslashes (\\\) are needed to match it.
Three are written because the parser strips the backslash once, and it is stripped again when the pattern is matched, so that in the end one backslash remains to be matched.
For example, the database has the following data:

    "*_.%" [email protected]
    "*_.%" [email protected]\ '

Search results:

    Search  "*_.%" [email protected]       matches "*_.%" [email protected]
    Search  "*_.\%" [email protected]      matches "*_.%" [email protected]
    Search  "*_.%" [email protected]\      SQL reports a syntax error
    Search  "*_.\%" [email protected]\     SQL reports a syntax error
    Search  "*_.\%" [email protected]\\    matches 0 rows
    Search  "*_.%" [email protected]\\\%   match results are as follows:
        "*_.% '" [email protected]\ '
        "*_.%" [email protected]\\
        "*_.%" [email protected]\\\
        "*_.%" [email protected]\\\\
    Search  "*_.%" [email protected]\\\\%  match results are as follows:
        "*_.% '" [email protected]\ '
        "*_.%" [email protected]\\
        "*_.%" [email protected]\\\
        "*_.%" [email protected]\\\\
    Search  "*_.\%" [email protected]\\\\\      matches 0 rows
    Search  "*_.\%" "[email protected]\\\\\\    matches 0 rows
    Search  "*_.\%" [email protected]\\\\\\\    matches 1 row
    Search  "*_.\%" [email protected]\\\\\\\\   matches 1 row

Summary:
For a query, change each backslash from 1 to 4; this always gives the correct result.

Other:

    $senameEnter = preg_replace("/\\\/", "\\\\\\\\\\\\\\\\", $senameEnter);

This code replaces each backslash (\) in $senameEnter with four backslashes (\\\\), because matching one backslash (\) in an SQL query requires four backslashes (\\\\).
For uniformity, the replacement can be written as replacing one backslash with four backslashes (\\\\), as in the following code:

    $senameEnter = preg_replace("/\\\\/", "\\\\\\\\\\\\\\\\", $senameEnter);

In a PHP regular expression the backslash (\) is used to escape special characters. In principle two backslashes (\\) would be enough to match a backslash, but in actual use three backslashes (\\\) are required. In a PHP string, four backslashes (\\\\) are needed in the replacement to represent one backslash. The detailed reasons are fairly complex and have to be explained from the internal mechanisms of the language.
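The two stripping passes described in section 1, as an added example that is not code from the original page: a simplified JavaScript model of the SQL string-literal parser and the LIKE matcher, showing why one backslash becomes four when the pattern is concatenated into the SQL text. All function names are assumptions made for the illustration, and escapes such as \n and \t are left out of the model.

```javascript
// Added example: simplified model of the two backslash-stripping layers.
// Not MySQL's code; escapes such as \n, \t and \0 are left out.

// Layer 1: SQL string-literal parser, given the text between the quotes.
// \\ -> \ and \' -> ', but \% and \_ are passed on intact to the LIKE layer.
function parseSqlLiteral(body) {
  let out = "";
  for (let i = 0; i < body.length; i++) {
    const c = body[i];
    if (c === "'") throw new Error("syntax error: quote ends the literal early");
    if (c !== "\\") { out += c; continue; }
    if (i === body.length - 1) throw new Error("syntax error: closing quote escaped");
    const next = body[++i];
    out += next === "%" || next === "_" ? "\\" + next : next;
  }
  return out;
}

// Layer 2: LIKE matcher. \ escapes the next character, % and _ are wildcards.
const reQuote = (c) => c.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
function likeMatch(pattern, value) {
  let re = "";
  for (let i = 0; i < pattern.length; i++) {
    const c = pattern[i];
    if (c === "\\" && i < pattern.length - 1) re += reQuote(pattern[++i]);
    else if (c === "%") re += "[\\s\\S]*";
    else if (c === "_") re += "[\\s\\S]";
    else re += reQuote(c);
  }
  return new RegExp("^" + re + "$").test(value);
}

// Escaping for the LIKE layer alone (enough when the pattern is a bound parameter).
const escapeLike = (s) => s.replace(/[\\%_]/g, "\\$&");
// Escaping for the literal layer on top (needed when the SQL text is concatenated).
const escapeLiteral = (s) => s.replace(/[\\']/g, "\\$&");

// Runs a constructed search term through both layers and matches it against a row.
function searchMatches(term, row) {
  const literalBody = escapeLiteral(escapeLike(term));
  return { literalBody, matched: likeMatch(parseSqlLiteral(literalBody), row) };
}

const demo = searchMatches("x\\y", "x\\y"); // term and row both hold one backslash
console.log(demo.literalBody, demo.matched);
```

In this model three or four backslashes in front of a % both leave the pattern \\% after the first pass, which agrees with the identical results of the two wildcard searches listed above. A trailing single backslash escapes the closing quote, which is the syntax error in the list.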

2) & Symbol issues

The problem with the & symbol is that it is the connector between parameters when they are passed in a URL.
The equals sign (=) and the question mark (?) cause the same problem.
Workaround:
When JavaScript pieces the URL together, it first processes these three symbols, and the processing is reversed after delivery.
If they are encoded as the corresponding Unicode codes, the back end does not need to handle them specially.

    url = url.replace(/\?/g, "%3f").replace(/&/g, "%26").replace(/=/g, "%3d");
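The URL parameter handling described here and in the JavaScript paragraph earlier, as an added example that is not code from the original page: it compares the three-character replace with the standard encodeURIComponent function by building a GET URL and reading the parameters back. The host example.test, the parameter names and the sample values are constructed for the illustration.

```javascript
// Added example: the three-character replace versus encodeURIComponent.
// example.test and the parameter names are constructed for illustration.

// The page's approach: encode only ?, & and =.
function encodeThree(value) {
  return value.replace(/\?/g, "%3f").replace(/&/g, "%26").replace(/=/g, "%3d");
}

// Build a GET URL from one value, then read the parameters back the way
// the receiving side would see them.
function roundTrip(encode, value) {
  const url = new URL("http://example.test/search?name=" + encode(value) + "&page=2");
  return { name: url.searchParams.get("name"), page: url.searchParams.get("page") };
}

// Constructed sample values containing characters outside the three above.
const samples = ["R&D#1", "50%25 off", "C++", "a=b?c&d"];

// Returns, per sample, whether each encoder brings the value back unchanged
// and leaves the following parameter (page=2) intact.
function compareEncoders() {
  return samples.map((value) => {
    const three = roundTrip(encodeThree, value);
    const full = roundTrip(encodeURIComponent, value);
    return {
      value,
      threeOk: three.name === value && three.page === "2",
      fullOk: full.name === value && full.page === "2",
      threeSaw: three.name,
    };
  });
}

console.table(compareEncoders());
```

Only the last sample survives the three-character replace: # cuts the query short, a literal % sequence is decoded a second time, and + arrives as a space.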

If you use jQuery to extract a string that contains the '&' symbol, JavaScript turns it into the corresponding HTML entity (&amp;), so echoing it requires special handling (there is no built-in function):

    sename = $(obj).html().replace(/&amp;/g, '&');

