Home  >  Article  >  Backend Development  >  Solution to the problem of two backslash escapes and database class escapes in ThinkPHP database, thinkphp slash_PHP tutorial

Solution to the problem of two backslash escapes and database class escapes in ThinkPHP database, thinkphp slash_PHP tutorial

WBOY
WBOYOriginal
2016-07-13 10:15:151252browse

The solution to two backslash escapes and database class escapes in ThinkPHP database, thinkphp slash

The example in this article describes the solution to two backslash escapes and database class escapes when ThinkPHP is imported into the database. Share it with everyone for your reference. The specific method is as follows:

This happens when magic_quotes_gpc is turned on. The reason is that thinkphp did not determine whether magic_quotes_gpc was turned on when importing it into the database, and escaped it regardless.
The solution is to add the following code to the entry file:

Copy code The code is as follows:
if (!get_magic_quotes_gpc()) {
Function addslashes_deep($value) {
         $value = is_array($value) ?
              array_map('addslashes_deep', $value):
addslashes($value);
Return $value;
}  
$_POST = array_map('addslashes_deep', $_POST);
$_GET = array_map('addslashes_deep', $_GET);
$_COOKIE = array_map('addslashes_deep', $_COOKIE);
$_REQUEST = array_map('addslashes_deep', $_REQUEST);
}

Someone modified the escape function in DbMysql.class.php like this:

Copy code The code is as follows:
public function escape_string($str) {
if (get_magic_quotes_gpc()) {
return $str;
}
if($this->_linkID) {
return mysql_real_escape_string($str,$this->_linkID);
}else{
return mysql_escape_string($str);
}
}

In fact, this method is not advisable! Because if the magic function is on and $str is not obtained by post or get (such as reading text or database), it still does not add a backslash.
So regardless of whether $str has been escaped, I always remove the escape first and then add the escape. This avoids double escaping and missing escapes.
Here’s how I modified it:

Copy code The code is as follows:
public function escape_string($str) {
$str = stripslashes($str);
if($this->_linkID) {
return mysql_real_escape_string($str,$this->_linkID);
}else{
return mysql_escape_string($str);
}
}

I hope this article will be helpful to everyone’s ThinkPHP framework programming.

Why do some double quotes written to the database in Thinkphp be escaped and some not?

It has nothing to do with the database, it has to do with the PHP insert statement. Check the insert statement. Some of it must be changed and some may not be

When storing special characters (such as single quotes) into the database, is it necessary to escape them with backslashes?

If you don’t escape, you won’t be able to insert into it. An error will be reported

But single quotes are still disgusting, so you need to add an extra single quote to change the meaning

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/906108.htmlTechArticleSolution to two backslash escapes and database class escapes in ThinkPHP database, thinkphp slash article The example describes the solution to two backslash escapes and database class escapes in ThinkPHP database...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn