How to escape strings in array in php

In PHP, we usually use arrays to store and operate a set of data. Sometimes, we need to send this data to a database or output it to a Web page. However, because some strings may contain special characters (such as single quotes, double quotes, backslashes, etc.), if these strings are output directly, it will cause security holes or runtime errors in the program. Therefore, we need to escape these strings so that they can be displayed and manipulated correctly on the database or web page.

PHP provides a special function to escape strings, namely the addslashes() function. This function can escape special characters in a string to turn it into a "safe" string. For example, if we have a string $mystr, which contains single and double quotes, we can escape it with the following code:

$mystr = "It's a \"quote\" string";
$mystr = addslashes($mystr);
echo $mystr;  //输出：It\'s a \"quote\" string

In this example, we first define a string containing single quotes and double quotes. Quoted and double-quoted string $mystr. Next, we use the addslashes() function to escape the string and get a new string $mynewstr. Finally, we output $mynewstr and we can see that all special characters have been escaped into corresponding character entities.

However, if what we need to escape is a string in an array, then the above code is no longer applicable. In this case, we need to use a custom function to loop through the entire array and escape the strings one by one.

The following is a custom function addslashes_array(), which accepts an array as a parameter and returns a new array in which the strings have been escaped:

function addslashes_array($array) {
    foreach($array as $key=>$value) {
        if(is_array($value)) {
            $array[$key] = addslashes_array($value);
        } else {
            $array[$key] = addslashes($value);
        }
    }
    return $array;
}

The function first Iterate over the array and check the type of each element. If the element is not an array, use the addslashes() function to escape it; otherwise, call itself recursively and continue traversing the elements in the subarray. Finally, the function returns a brand new array in which all strings have been escaped.

Using this function is very simple, just pass the array to be escaped as a parameter to it. For example, we have the following test data:

$data = array(
    'id' => 1, 
    'name' => "John O'Hara", 
    'email' => 'john@yahoo.com', 
    'hobbies' => array('reading', 'music', 'swimming')
);

, which contains a name field with single quotes in a string. Now, we can call the addslashes_array() function to escape the array:

$escaped_data = addslashes_array($data);

Finally, we can output the $escaped_data array to see if its content has been escaped correctly:

Array
(
    [id] => 1
    [name] => John O\'Hara
    [email] => john@yahoo.com
    [hobbies] => Array
        (
            [0] => reading
            [1] => music
            [2] => swimming
        )

)

As you can see, all strings in the $escaped_data array have been escaped correctly. In this way, when we use the array for database queries or output to a Web page, we do not need to worry about security issues and program errors caused by special characters.

In short, when we need to store and operate a set of data with special characters, we should escape the strings separately to avoid security holes and program errors. Use the addslashes() function to escape a single string, and use the custom function addslashes_array() to escape all strings in the array. This is one of the basic skills that PHP programmers must master.

The above is the detailed content of How to escape strings in array in php. For more information, please follow other related articles on the PHP Chinese website!