Today, while filling in English content on the English version of a website, I ran into a small problem: the specified content was not added when I submitted it, and no error was reported. I looked at the database and found that the field was of the "TEXT" data type. I thought the content was too long, so I changed the data type to "LONGTEXT", but the same problem occurred on submission.
Later I consulted a colleague, who found that the cause was the punctuation mark "'" in the English text: when MySQL reaches it, it automatically treats the statement as ended, so the content could not be added. Now that the problem was found, a solution was needed, which is to add the escape character "\" before the "'" in the text. As it happens, PHP provides the functions addcslashes and stripcslashes, which automatically add or remove the escape characters in a string, and after testing, this did solve the problem! I am usually not rigorous enough when writing programs and always overlook details like this. If a hacker found these problems and made use of them, the site would basically be finished, so we must take this as a warning: do not make the same mistake I did.
The following is a brief introduction to the use of these two functions:
string addcslashes(string str, string charlist): the 1st parameter, str, is the original string to be processed, and the 2nd parameter, charlist, specifies which characters in the original string need to be preceded by the character "\".
string stripcslashes(string str): removes the "\" from the string.
Example:
<?php
$sql = "Update book set Bookname='Let's Go' where bookid=1";
echo $sql . "<br>";
// Put a backslash in front of every ' in the string
$new_sql = addcslashes($sql, "'");
echo $new_sql . "<br>"; // Update book set Bookname=\'Let\'s Go\' where bookid=1
// Remove the backslashes again
$new_sql_01 = stripcslashes($new_sql);
echo $new_sql_01; // Update book set Bookname='Let's Go' where bookid=1
?>
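The same "Let's Go" update done with a parameterized query, as an added example that is not from the original post: the value is bound separately from the SQL text, so the apostrophe cannot end the string literal and no manual escaping is needed. It assumes PDO with the pdo_sqlite driver and an in-memory database so that it runs offline; the `book` table layout is constructed from the column names in the post, and the same prepare/execute calls apply with a MySQL DSN.

```php
<?php
// Added example (not from the original post). Assumes the pdo_sqlite extension;
// an in-memory SQLite database stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface SQL errors

// Constructed table, using the column names from the post's UPDATE statement.
$pdo->exec('CREATE TABLE book (bookid INTEGER PRIMARY KEY, bookname TEXT)');
$pdo->exec("INSERT INTO book (bookid, bookname) VALUES (1, 'placeholder')");

$title = "Let's Go"; // user-supplied text containing an apostrophe

// 1) String concatenation: the apostrophe ends the literal early and the
//    statement no longer parses. With exceptions enabled the failure is
//    reported instead of the row silently staying unchanged.
try {
    $pdo->exec("UPDATE book SET bookname = '" . $title . "' WHERE bookid = 1");
    echo "concatenated query: ok\n";
} catch (PDOException $e) {
    echo "concatenated query failed: " . $e->getMessage() . "\n";
}

// 2) Prepared statement: the SQL text contains only placeholders, and the
//    value is bound separately, so its content cannot change the statement.
$stmt = $pdo->prepare('UPDATE book SET bookname = :name WHERE bookid = :id');
$stmt->execute([':name' => $title, ':id' => 1]);

// Read the row back and compare it with the input: the apostrophe is stored
// unchanged, with no backslashes added to the data.
$stored = $pdo->query('SELECT bookname FROM book WHERE bookid = 1')->fetchColumn();
echo "stored value: " . $stored . "\n";
var_dump($stored === $title);
```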
This article originates from Shuro's Blog (http://www.shuro.cn); please credit the source when reproducing it, thank you!