Detailed example of the difference between php stripslashes() function and addslashes() function

The functions and usage of the addslashes() function and stripslashes() function in PHP were introduced earlier. This article introduces the PHP stripslashes() function and addslashes() function difference.

The difference between them in terms of function names: strip (strip) slashes (slash) add (add) slashes (slash), so one of them is to strip slashes and the other is to add Adding a slash has the opposite effect.

Usage scenarios: In fact, these two functions are mainly used in some data processing that need to convert special characters, such as database operations. When writing to the database, we need to put single quotes like this The special characters are escaped and saved, and when reading,

we need to reverse-escape these escaped special characters in the database.

When we write data to mysql, for example:

mysql_query("update table set `title`='kuhanzhu's blog'");

An error will occur. Like asp, databases are allergic to single quotes. At this time, addslashes has the most face, and it has the same function as asp's replace("'",""","kuhanzhu's blog").

For the sake of security, PHP introduces magic_quotes_gpc = On function, you can directly insert single quotes into the database without any processing. Then for Off, you need to consider the issue of single quotes instead of blindly trusting the operating environment.

When magic_quotes_gpc = When On, the data processed using addslashes() will be saved in the database in the form of \'. If you output it directly at this time, you will find that there are more \'s than you expected, so stripslashes() appears. Can remove \ (different from str_replace("\", "",$Str))

When magic_quotes_gpc = Off, the data processed by addslashes() will be saved in the database in the form of '. , there is no problem with \ as mentioned above. addslashes() can prevent errors in inserting data. If it is output directly at this time, there is no need to use stripslashes() and

addslashes(). stripslashes() is just the opposite, direct memory: addslashes() adds a \, stripslashes() removes a \

So when to use it?

Simply put:

When magic_quotes_gpc = On, the system will automatically handle issues such as single quotes. It doesn’t matter whether you use addslashes() and stripslashes(). However, if addslashes() is used when adding data, stripslashes() must be used when displaying data. )

When magic_quotes_gpc = Off, the system will not handle issues such as single quotes, so you must use addslashes() when inserting data, and you do not need to use stripslashes() when displaying data.

Now that we have the analysis, what should we do when doing the program? According to the above two situations, we can get:

Regardless of whether magic_quotes_gpc is On or Off, we use it when adding data. addslashes(), when On, stripslashes() cannot be used.

How to determine whether it is On or Off? Aboutget_magic_quotes_gpc(). )Please check this article for the function

Example

The code is as follows:

代码 
//提交数据，或者变量准备：
$Content=addslashes(”这里面是数据，不管有没单引号或者还是变量”);
//插入数据到数据库，代码省略
//开始显示数据
$Content=”从数据库读取的数据”;
if(get_magic_quotes_gpc()){
  $Content=stripslashes($Content); 
}
echo $Content;

[Recommended related articles]:

php addslashes() function and stripslashes() function examples detailed explanation

The above is the detailed content of Detailed example of the difference between php stripslashes() function and addslashes() function. For more information, please follow other related articles on the PHP Chinese website!