search

Home  >  Article  >  Backend Development  >  Specific application analysis of PHP addslashes() function_PHP tutorial

Specific application analysis of PHP addslashes() function_PHP tutorial

WBOY
WBOYOriginal
2016-07-15 13:31:00888browse

We add a backslash before the specified predefined character by defining and using the addslashes() function.

These predefined characters are:

Single quote (')

Double quote (")
Backslash ()
NULL

Syntax

c

Parameter Description

string Required. Specifies the string to be checked.

Tips and Comments

Tip: This function can be used for characters stored in the database. Prepare appropriate strings for strings and database query statements.

Note: By default, the PHP directive magic_quotes_gpc is on and does not automatically run addslashes() on all GET, POST and COOKIE data that have been converted by magic_quotes_gpc. Use addslashes() for undefined strings, because this will cause double-level escaping. When encountering this situation, you can use the function get_magic_quotes_gpc() to detect it.

In this case. , we want to add backslashes to the predefined ones in the string:

Output: 

<ol class="dp-xml">
<li class="alt"><span><span class="tag"><span> ?php  </span></span></span></li>
<li>
<span>$</span><span class="attribute">str</span><span> = </span><span class="attribute-value">"Who's John Adams?"</span><span>;  </span>
</li>
<li class="alt"><span>echo $str . " This is not safe in a database query.</span></li>
<li class="alt"><span class="tag"><span> </span><span class="tag-name">br</span><span> </span><span class="tag">/></span><span>";  </span></span></li>
<li><span>echo addslashes($str) . " This is safe in a database query.";  </span></li>
<li class="alt">
<span class="tag">?></span><span> </span>
</li>
</ol>
Who's John Adams? This is not safe in a database query.

Who's John Adams? This is safe in a database query.

An example of using addslashes() is when you want to enter data into the database. For example, this is required to insert the name O'reilly into the database. Escape it. Most databases use as escape character: O'reilly. This will put the data into the database without inserting extra. When the PHP directive magic_quotes_sybase is set to on, it means that when inserting ' Use ' for escaping.

By default, the PHP directive magic_quotes_gpc is on, which mainly automatically runs addslashes() on all GET, POST and COOKIE data. Do not escape characters that have been escaped by magic_quotes_gpc. Use addslashes() for strings, because this will cause double-level escaping. When encountering this situation, you can use the function get_magic_quotes_gpc() to detect it.

http://www.bkjia.com/PHPjc/446258.html
www.bkjia.com

truehttp: //www.bkjia.com/PHPjc/446258.htmlTechArticleWe add a backslash before the specified predefined character by adding the definition and usage addslashes() function. These predefined characters are: Single quote (') Double quote (") Backslash () NULL Syntax...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:Analysis of the working principle of PHP ereg_replace() function_PHP tutorialNext article:Analysis of the working principle of PHP ereg_replace() function_PHP tutorial

Related articles

See more