thinkphp two-time backslash escape and the solution of database class Escape _php Example

The example of this article describes the solution of two times backslash escape and database class escape in thinkphp storage. Share to everyone for your reference. The specific methods are as follows:

This situation occurs when the MAGIC_QUOTES_GPC is open. The reason is that thinkphp in the storage time did not determine whether MAGIC_QUOTES_GPC open, regardless of 3,721 of the escape processing.
The workaround is to add the following code to the entry file:

Copy Code code as follows:

if (!GET_MAGIC_QUOTES_GPC ()) {
function Addslashes_deep ($value) {
$value = Is_array ($value)?
Array_map (' Addslashes_deep ', $value):
Addslashes ($value);
return $value;
}
$_post = Array_map (' Addslashes_deep ', $_post);
$_get = Array_map (' Addslashes_deep ', $_get);
$_cookie = Array_map (' Addslashes_deep ', $_cookie);
$_request = Array_map (' Addslashes_deep ', $_request);
}

Someone modifies the escape function in DbMysql.class.php:

Copy Code code as follows:

Public Function escape_string ($STR) {
if (GET_MAGIC_QUOTES_GPC ()) {
return $str;
}
if ($this->_linkid) {
Return mysql_real_escape_string ($STR, $this->_linkid);
}else{
Return mysql_escape_string ($STR);
}
}

In fact, this method is not desirable! Because if the magic function is on, and $str is not post or get (such as reading text, database), it still does not have a backslash.
So I don't care if $STR has been escaped, remove the escape first and then add the escape. This avoids two escapes and avoids the omission of escape.
Here's how I modify it:

Copy Code code as follows:

Public Function escape_string ($STR) {
$str = Stripslashes ($STR);
if ($this->_linkid) {
Return mysql_real_escape_string ($STR, $this->_linkid);
}else{
Return mysql_escape_string ($STR);
}
}

I hope this article will be helpful to everyone's thinkphp framework program design.