Home > Article > Backend Development > Usage analysis of addcslashes and stripcslashes functions in PHP, stripcslashes_PHP tutorial
Usage analysis of addcslashes and stripcslashes functions in PHP, stripcslashes_PHP tutorial
- WBOYOriginal
- 2016-07-12 09:01:22959browse
Analysis on usage of addcslashes and stripcslashes functions in PHP, stripcslashes
This article analyzes the usage of addcslashes and stripcslashes functions in PHP with examples. Share it with everyone for your reference, the details are as follows:
When I was writing the English version of a website, I filled in the English information after I finished writing it. There was no problem at all when I filled it in casually, but whenever I filled in the specified content, I couldn’t fill it in and no error was reported. I checked. Database, I found that this field uses the "TEXT" data type. I thought it was because the content was too long, so I changed the data type to "longtext", but when I submitted it, I found that the same problem still occurred. Let’s introduce the addcslashes function to you!
Later, I asked my colleagues for advice, and they discovered that the reason for the punctuation "'" in English is that MySQL automatically considers the statement to be over after executing it here, so it cannot be added. Now that you have found the problem, you have to find the corresponding solution, which is to add the escape character "" before all "'" in the text content. It just so happens that PHP provides the ability to automatically add or remove escapes from strings. The character functions addcslashes and stripcslashes, so after adding the test, the problem was solved! It can be seen that I am not strict enough when writing programs on weekdays, and always ignore such and such details. If a HACKER discovers these problems and exploits them, the website It’s basically OVER, so everyone must take this as a warning and don’t make the same mistake as me.
The following is a brief introduction to the usage of these two functions:
string addcslashes(string str,string charlist)
The first parameter str is the original string of the lost object
The second parameter charlist specifies which characters of the original string need to be preceded by the character "".
string stripcslashes(string str)
Remove "" from the string.
In addition, you can use the addslashes function to directly escape "'".
An example is as follows:
<?php $sql = "update book set bookname='let's go' where bookid=1"; echo $sql."<br/>"; $new_sql = addcslashes($sql,"'"); echo $new_sql."<br/>"; $new_sql_01 = stripcslashes($new_sql); echo $new_sql_01."<br/>"; echo addslashes($sql); ?>
The running results are as follows:
update book set bookname='let's go' where bookid=1 update book set bookname=\'let\'s go\' where bookid=1 update book set bookname='let's go' where bookid=1 update book set bookname=\'let\'s go\' where bookid=1
I hope this article will be helpful to everyone in PHP programming.
Articles you may be interested in:
- Usage examples of string escaping and restoration using addslashes() and stripslashes() in PHP
- addslashes function and sql prevention in PHP Injection
- Analysis of the security principles of using addslashes function escape in PHP
- PHP’s explanation of htmlspecialchars, strip_tags, addslashes
- The difference between PHP function addslashes and mysql_real_escape_string
- The difference between php stripslashes and addslashes
- Analysis of the difference and comparison between php addslashes() and addclashes() functions
- What are the differences between php daddslashes() and saddslashes()
- php addslashes and other methods of clearing spaces are unsafe
- php addslashes and mysql_real_escape_string
- php addslashes function detailed analysis description