Home >Backend Development >PHP Tutorial >Introduction to the difference between php stripslashes and addslashes_PHP Tutorial
This article mainly introduces the difference between php stripslashes and addslashes, and I would like to share it with friends who need it.
When we write data to mysql, for example: The code is as follows: mysql_query("update table set `title`='kuhanzhu's blog'"); That would go wrong. Like asp, databases are allergic to single quotes. And addslashes are the most valuable at this time, and have the same function as asp's replace("‘",""","kuhanzhu's blog"). For the sake of security, PHP has introduced the function of magic_quotes_gpc = On, which can directly insert single quotes into the database without any processing. When it is Off, you need to consider the issue of single quotes instead of blindly trusting them. operating environment. When magic_quotes_gpc = On, the data processed using addslashes() will be saved in the database in the form of '. If you output it directly at this time, you will find that there are more contents than you expected, so stripslashes() appears. It can be removed (different from str_replace("", "",$Str)). When magic_quotes_gpc = Off, the data processed using addslashes() will be saved in the database in the form of '. There is no problem mentioned above. addslashes() plays the role of inserting data without errors. If it is output directly at this time , the data is normal. No need to use stripslashes() anymore. addslashes() and stripslashes() are exactly the opposite. Direct memory: addslashes() adds one, stripslashes() removes one. So when to use it? Simply put: When magic_quotes_gpc = On, the system will automatically handle issues such as single quotes. It does not matter whether you use addslashes() or stripslashes(). However, if addslashes() is used when adding data, stripslashes() must be used when displaying data. When magic_quotes_gpc = Off, the system will not handle issues such as single quotes, so you must use addslashes() when inserting data, and you do not need to use stripslashes() when displaying data. Now that we have the analysis, what should we do when doing the program? According to the above two situations, we can get: Regardless of whether magic_quotes_gpc is On or Off, we use addslashes() when adding data. When On, stripslashes() must be used, and when Off, stripslashes() cannot be used. How to judge whether it is On or Off? Use get_magic_quotes_gpc(). Final example: The code is as follows: Code //Submit data, or prepare variables: $Content=addslashes("This is data, whether there are single quotes or variables"); //Insert data into the database, code omitted //Start displaying data $Content="Data read from database"; if(get_magic_quotes_gpc()){ $Content=stripslashes($Content); } echo $Content;