String is changed during delivery, string passing _php tutorial

String is changed during delivery, string passing

Situation Description:

The content of the front-end input is:;? 9w/u\| " S6u|:m

However, it is passed to the backend and then saved to the database:;? 9w/u| " S6u|:m

What is this for?

What's going on here?

1: I found the insert to the database is still correct before

2: Then use the Heidisql tool alone to change the value, which displays the SQL statement:

　　UPDATE `bitstorm_http_node`.`config_user_pwd` SET `Password`=';?9W/U\\|"s6u|:M' WHERE `Id`=14;

We found that before the insert operation, it added escape payment to escape the special symbol ' \ ' in the value.

Why on earth would it be escaped? Is it a string of single quotes and double quotes?

If you put the character in single quotes ', except for the single quotation mark itself, the majority of the characters inode explain the Sing woo written in the same form as in the code.

Strings placed between double quotes support insert substitution (variables embedded in a string are replaced with their contents), and escape characters are replaced, such as replacing \ n with a newline character , and replacing \t,\ with a tab instead of \. Again, \| it will be interpreted as |

If you put the SQL of the code in the above PHP into single quotes, it would be an invalid SQL statement:

Invalid Query

INSERT into ' bitstorm_http_node '. ' Config_user_pwd ' (' Id ', ' domain_name ', ' Username ', ' Password ') VALUES (0, " Mdc-mon-tg-zabvip01.ubisoft.onbe "," Cheng.wang ",";? " 9w/u\| " S6u|:m ");

Workaround:

In PHP: Not every piece of data that is escaped is inserted into the database, and if all data entered into PHP is escaped, then the efficiency of the execution of the program will have a certain impact, resulting in performance problems.

Calling an escape function (such as addslashes ()) at run time is more efficient.

So it's clear that the database is inserted here and we need to escape, so call the Addslashes () function to escape where it needs to be escaped manually.

　　     $pwd addslashes ($pwd);//Add this line of code and save it to the database right, OK, solve        the problem  if($zabbixHelper= =  False) {            return$this->returnerror ("Invalid Input:can not Login Zabbix using this username and password. " );        }         $sql $domainName $username $pwd . "');" ;         $this->callsqlquery ($sql));

　　Finally, in PHP, there are times when JSON encoding needs to be escaped:

$parameters = Addslashes (Json_encode ($args));

http://www.bkjia.com/PHPjc/1069124.html www.bkjia.com true http://www.bkjia.com/PHPjc/1069124.html techarticle The string has changed during delivery, and the string delivery Description: The content of the front-end input is:;? 9w/u\| " S6u|:m However, passed to the backend and then saved to the database became:;? 9 ...

