String is changed during delivery, string passing _php tutorial

Source: Internet
Author: User

String is changed during delivery, string passing


Situation Description:

The content of the front-end input is:;? 9w/u\| " S6u|:m

However, it is passed to the backend and then saved to the database:;? 9w/u| " S6u|:m

What is this for?

What's going on here?

1: I found the insert to the database is still correct before

2: Then use the Heidisql tool alone to change the value, which displays the SQL statement:

  UPDATE `bitstorm_http_node`.`config_user_pwd` SET `Password`=';?9W/U\\|"s6u|:M' WHERE `Id`=14;

We found that before the insert operation, it added escape payment to escape the special symbol ' \ ' in the value.

Why on earth would it be escaped? Is it a string of single quotes and double quotes?

If you put the character in single quotes ', except for the single quotation mark itself, the majority of the characters inode explain the Sing woo written in the same form as in the code.

Strings placed between double quotes support insert substitution (variables embedded in a string are replaced with their contents), and escape characters are replaced, such as replacing \ n with a newline character , and replacing \t,\ with a tab instead of \. Again, \| it will be interpreted as |

If you put the SQL of the code in the above PHP into single quotes, it would be an invalid SQL statement:

Invalid Query

INSERT into ' bitstorm_http_node '. ' Config_user_pwd ' (' Id ', ' domain_name ', ' Username ', ' Password ') VALUES (0, " Mdc-mon-tg-zabvip01.ubisoft.onbe "," Cheng.wang ",";? " 9w/u\| " S6u|:m ");

Workaround:

In PHP: Not every piece of data that is escaped is inserted into the database, and if all data entered into PHP is escaped, then the efficiency of the execution of the program will have a certain impact, resulting in performance problems.

Calling an escape function (such as addslashes ()) at run time is more efficient.

So it's clear that the database is inserted here and we need to escape, so call the Addslashes () function to escape where it needs to be escaped manually.

       $pwd addslashes ($pwd);//Add this line of code and save it to the database right, OK, solve        the problem  if($zabbixHelper= =  False) {            return$this->returnerror ("Invalid Input:can not Login Zabbix using this username and password. " );        }         $sql $domainName $username $pwd . "');" ;         $this->callsqlquery ($sql));

  Finally, in PHP, there are times when JSON encoding needs to be escaped:

$parameters = Addslashes (Json_encode ($args));

http://www.bkjia.com/PHPjc/1069124.html www.bkjia.com true http://www.bkjia.com/PHPjc/1069124.html techarticle The string has changed during delivery, and the string delivery Description: The content of the front-end input is:;? 9w/u\| " S6u|:m However, passed to the backend and then saved to the database became:;? 9 ...

  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.