thinkphp two-time backslash escape and the solution of database class Escape _php Example

Source: Internet
Author: User

The example of this article describes the solution of two times backslash escape and database class escape in thinkphp storage. Share to everyone for your reference. The specific methods are as follows:

This situation occurs when the MAGIC_QUOTES_GPC is open. The reason is that thinkphp in the storage time did not determine whether MAGIC_QUOTES_GPC open, regardless of 3,721 of the escape processing.
The workaround is to add the following code to the entry file:

Copy Code code as follows:
if (!GET_MAGIC_QUOTES_GPC ()) {
function Addslashes_deep ($value) {
$value = Is_array ($value)?
Array_map (' Addslashes_deep ', $value):
Addslashes ($value);
return $value;
}
$_post = Array_map (' Addslashes_deep ', $_post);
$_get = Array_map (' Addslashes_deep ', $_get);
$_cookie = Array_map (' Addslashes_deep ', $_cookie);
$_request = Array_map (' Addslashes_deep ', $_request);
}

Someone modifies the escape function in DbMysql.class.php:

Copy Code code as follows:
Public Function escape_string ($STR) {
if (GET_MAGIC_QUOTES_GPC ()) {
return $str;
}
if ($this->_linkid) {
Return mysql_real_escape_string ($STR, $this->_linkid);
}else{
Return mysql_escape_string ($STR);
}
}

In fact, this method is not desirable! Because if the magic function is on, and $str is not post or get (such as reading text, database), it still does not have a backslash.
So I don't care if $STR has been escaped, remove the escape first and then add the escape. This avoids two escapes and avoids the omission of escape.
Here's how I modify it:

Copy Code code as follows:
Public Function escape_string ($STR) {
$str = Stripslashes ($STR);
if ($this->_linkid) {
Return mysql_real_escape_string ($STR, $this->_linkid);
}else{
Return mysql_escape_string ($STR);
}
}

I hope this article will be helpful to everyone's thinkphp framework program design.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.