ThinkPHP: solving double backslash escaping on database writes and escaping in the database class
This article describes how to solve double backslash escaping when ThinkPHP writes to the database, and how the database class should escape strings. It is shared here for your reference. The details are as follows:
This happens when magic_quotes_gpc is turned on. The reason is that ThinkPHP does not check whether magic_quotes_gpc is enabled when it writes to the database and escapes the data unconditionally.
The workaround is to add the following code to the entry file:
    if (!get_magic_quotes_gpc()) {
        // Recursively add slashes to a string or to every element of an array.
        function addslashes_deep($value) {
            $value = is_array($value) ?
                array_map('addslashes_deep', $value) :
                addslashes($value);
            return $value;
        }
        // Magic quotes are off, so escape all request input here instead.
        $_POST = array_map('addslashes_deep', $_POST);
        $_GET = array_map('addslashes_deep', $_GET);
        $_COOKIE = array_map('addslashes_deep', $_COOKIE);
        $_REQUEST = array_map('addslashes_deep', $_REQUEST);
    }
Some people instead modify the escape_string function in DbMysql.class.php like this:
    public function escape_string($str) {
        // Assume the input was already escaped when magic quotes are on.
        if (get_magic_quotes_gpc()) {
            return $str;
        }
        if ($this->_linkID) {
            return mysql_real_escape_string($str, $this->_linkID);
        } else {
            return mysql_escape_string($str);
        }
    }
In fact, this method is not advisable, because if magic quotes are on and $str does not come from POST or GET (for example, it was read from a text file or from the database), no backslash is added to it at all.
So I don't care whether $str has already been escaped: all escapes are removed, and then the escape is added. This avoids double escaping and also avoids missed escaping.
Here is my modified method:
    public function escape_string($str) {
        // Remove any existing escapes first, then escape exactly once.
        $str = stripslashes($str);
        if ($this->_linkID) {
            return mysql_real_escape_string($str, $this->_linkID);
        } else {
            return mysql_escape_string($str);
        }
    }
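The three escaping strategies discussed above, run side by side on constructed inputs (an added example, not code from the original article or from ThinkPHP). It assumes addslashes() as a stand-in for mysql_real_escape_string() and a $magicOn flag in place of magic_quotes_gpc; the names escape_always, escape_skip_if_magic, escape_strip_first and stored_value are hypothetical.

```php
<?php
// Added example. addslashes() stands in for mysql_real_escape_string(), and
// $magicOn simulates magic_quotes_gpc; every value below is constructed.

// ThinkPHP's behaviour as the article describes it: always escape.
function escape_always($str, $magicOn) { return addslashes($str); }

// The rejected variant: skip escaping whenever magic quotes are on.
function escape_skip_if_magic($str, $magicOn) {
    return $magicOn ? $str : addslashes($str);
}

// The article's variant: strip existing escapes, then escape once.
function escape_strip_first($str, $magicOn) { return addslashes(stripslashes($str)); }

// Approximate value the server would store for the literal '<body>', or null
// when an unescaped quote would end the literal early (broken/injectable query).
function stored_value($body) {
    for ($i = 0, $n = strlen($body); $i < $n; $i++) {
        if ($body[$i] === '\\') { $i++; continue; } // skip the escaped char
        if ($body[$i] === "'") { return null; }
    }
    return stripslashes($body);
}

$magicOn = true;
// label => array(value handed to escape_string, value the user meant)
$inputs = array(
    'POST field (magic-quoted)' => array(addslashes("O'Reilly"), "O'Reilly"),
    'file line with a quote'    => array("O'Reilly", "O'Reilly"),
    'file line with backslash'  => array('C:\\logs\\app', 'C:\\logs\\app'),
);
$variants = array('escape_always', 'escape_skip_if_magic', 'escape_strip_first');

foreach ($inputs as $label => $pair) {
    list($value, $meant) = $pair;
    foreach ($variants as $fn) {
        $stored = stored_value($fn($value, $magicOn));
        if ($stored === null) {
            $verdict = 'BROKEN: unescaped quote reaches the query';
        } elseif ($stored === $meant) {
            $verdict = 'ok';
        } else {
            $verdict = "CHANGED: stored as $stored";
        }
        printf("%-26s %-21s %s\n", $label, $fn, $verdict);
    }
}
```

The strip-first variant stores the POST field correctly but turns the file value C:\logs\app into C:logsapp, because stripslashes() also removes backslashes that were real data. On current PHP, where magic_quotes_gpc and the mysql_* functions no longer exist, bound parameters in PDO or mysqli prepared statements avoid this escaping problem altogether.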
We hope this article is helpful for your ThinkPHP development.
ThinkPHP: why are double quotes escaped when they are written to the database?
It has nothing to do with the database; it is the PHP insert statement. Check the insert statement, something in it must have been changed.
Is it necessary to escape with a backslash when storing special characters (such as single quotes) in the database?
Without escaping, your INSERT INTO will not go through; it will raise an error.
But single quotes are also rather annoying: when inserting, the single quote needs to be escaped.