ThinkPHP入库出现两次反斜线转义及数据库类转义的解决方法，thinkphp斜线-php手册-php.cn

Home

php教程

php手册

ThinkPHP入库出现两次反斜线转义及数据库类转义的解决方法，thinkphp斜线

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 13, 2016 am 09:22 AM

thinkphpapostropheSolution

ThinkPHP入库出现两次反斜线转义及数据库类转义的解决方法，thinkphp斜线

本文实例讲述了ThinkPHP入库出现两次反斜线转义及数据库类转义的解决方法。分享给大家供大家参考。具体方法如下：

这种情况是在 magic_quotes_gpc 开启的情况下发生的。原因是thinkphp在入库的时候没有判断 magic_quotes_gpc 是否开启，不管三七二十一地进行了转义处理。
解决办法是在入口文件增加如下代码则可：

复制代码代码如下:

if (!get_magic_quotes_gpc()) {
    function addslashes_deep($value) {
        $value = is_array($value) ?
            array_map('addslashes_deep', $value) :
            addslashes($value);
        return $value;
   }
   $_POST = array_map('addslashes_deep', $_POST);
   $_GET = array_map('addslashes_deep', $_GET);
   $_COOKIE = array_map('addslashes_deep', $_COOKIE);
   $_REQUEST = array_map('addslashes_deep', $_REQUEST);
}

有人这样修改DbMysql.class.php中的转义函数：

复制代码代码如下:

public function escape_string($str) {
if (get_magic_quotes_gpc()) {
return $str;
}
if($this->_linkID) {
return mysql_real_escape_string($str,$this->_linkID);
}else{
return mysql_escape_string($str);
}
}

其实这种方法并不可取！因为如果魔术函数on时，而$str又不是post或get得来（比如读取文本、数据库），它还是没加反斜线。
所以我不管$str是否已经被转义，一律先去除转义，然后再加上转义。这样就避免了二次转义，也避免了遗漏转义。
下面是我的修改方法：

复制代码代码如下:

public function escape_string($str) {
$str = stripslashes($str);
if($this->_linkID) {
return mysql_real_escape_string($str,$this->_linkID);
}else{
return mysql_escape_string($str);
}
}

希望本文所述对大家的ThinkPHP框架程序设计有所帮助。

Thinkphp为何有的双引号写入数据库被转义了有的没有?

和数据库没关系，和php插入语句有关，查询一下插入语句肯定有些是转意的有些没有

把含有特殊字符（比如单引号）存入数据库时，是否有必要对其加上反斜线进行转义

不escape你都insert into不进去吧，会报错的

不过单引号还比较恶心，加的时候需要多加一个单引号转意

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution

4 weeks agoByDDD

What's New in Windows 11 KB5054979 & How to Fix Update Issues

3 weeks agoByDDD

Where to find the Crane Control Keycard in Atomfall

4 weeks agoByDDD

Roblox: Dead Rails - How To Complete Every Challenge

1 months agoByDDD

Atomfall guide: item locations, quest guides, and tips

1 months agoByDDD

Hot Tools

PhpStorm Mac version

The latest (2018.2.1) professional PHP integrated development tool

Atom editor mac version download

The most popular open source editor

WebStorm Mac version

Useful JavaScript development tools

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.