php mysql 字符转义有关问题
php mysql 字符转义问题
后台处理
$name=addslashes($_POST['name']);//转义单引号
insert的时候,是不是带着转义符号一起存到数据库里?还是去掉转义符号存进去?
如果是带着转义符号存入到数据库,这就出现了一个小问题
如果我要查义name是不是重复,就需要对$name进行比较
依然进行转义 $name=addslashes($_POST['name']);
SELECT count(*) AS num FROM talbe WHERE name = $name
num显示的是0,也就是说找不到相同的,
打印sql语句为 SELECT count(*) AS num FROM talbe WHERE name = 'this/'s a apple'
num的值为零,我打开数据库发现,name这个字段的值是 this/'s a apple,这样肯定不能找到
如果将$name,再转义一次才能找到,$name的值就是 this///'s a apple 才能找到纪录
也就是说用两次addslashes函数
请问大家是如何处理这样的问题?如果要用两次不是很麻烦吗?
------解决方案--------------------
再就是如果Php.ini开启了magic_quotes_gpc,那么cookie啊,post,get啊,都会默认就addslashes过了,比如用户上传的是li'lei,那么你$_POST['name']得到就是li\'lei, 这样直接拼接到sql里:
select * from table where name='li\'lei'就行了,不需要addslashes了。
如果你给它addslashes了,那就变态了,因为\也会影响mysql解析命令,所以addslashes也会转移它,结果就真的变态了:
addslashes("li\'lei");将生成li\\\'lei, 拼成sql:
select * from table where name='li\\\'lei',入库后实际就是li\'lei,多了一个\。
再另外,stripslashes很少使用,因为一般只有php.ini默认开启了magic_quotes_gpc(get,post,cookie的意思)的情况下,如果我们希望使用到用户真正提交的值,比如li'lei,那么需要做stripslashes($_POST['name']); 而这里的name是被自动addslahes过的li\'lei, strip后就是li'lei了。
如果不strip,那么输出到页面上,用户看到的会是li\'lei。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
A brief analysis of the POST method in PHP with parameters to jump to the page
Mar 23, 2023 am 09:15 AM
For PHP developers, using POST to jump to pages with parameters is a basic skill. POST is a method of sending data in HTTP. It can submit data to the server through HTTP requests. The jump page processes and jumps the page on the server side. In actual development, we often need to use POST with parameters to jump to pages to achieve certain functional purposes.
How to determine whether a post has been submitted in PHP
Mar 21, 2023 pm 07:12 PM
PHP is a widely used server-side scripting language that can be used to create interactive and dynamic web applications. When developing PHP applications, we usually need to submit user input data to the server for processing through forms. However, sometimes we need to determine whether form data has been submitted in PHP. This article will introduce how to make such a determination.
How to use python requests post
Apr 29, 2023 pm 04:52 PM
Python simulates the browser sending post requests importrequests format request.postrequest.post(url,data,json,kwargs)#post request format request.get(url,params,kwargs)#Compared with get request, sending post request parameters are divided into forms ( x-www-form-urlencoded) json (application/json) data parameter supports dictionary format and string format. The dictionary format uses the json.dumps() method to convert the data into a legal json format string. This method requires
Asynchronous processing method of Select Channels Go concurrent programming using golang
Sep 28, 2023 pm 05:27 PM
Asynchronous processing method of SelectChannelsGo concurrent programming using golang Introduction: Concurrent programming is an important area in modern software development, which can effectively improve the performance and responsiveness of applications. In the Go language, concurrent programming can be implemented simply and efficiently using Channels and Select statements. This article will introduce how to use golang for asynchronous processing methods of SelectChannelsGo concurrent programming, and provide specific
How to hide the select element in jquery
Aug 15, 2023 pm 01:56 PM
How to hide the select element in jquery: 1. hide() method, introduce the jQuery library into the HTML page, you can use different selectors to hide the select element, the ID selector replaces the selectId with the ID of the select element you actually use; 2. css() method, use the ID selector to select the select element that needs to be hidden, use the css() method to set the display attribute to none, and replace selectId with the ID of the select element.
How does java initiate an http request and call the post and get interfaces?
May 16, 2023 pm 07:53 PM
1. Java calls post interface 1. Use URLConnection or HttpURLConnection that comes with java. There is no need to download other jar packages. Call URLConnection. If the interface response code is modified by the server, the return message cannot be received. It can only be received when the response code is correct. to return publicstaticStringsendPost(Stringurl,Stringparam){OutputStreamWriterout=null;BufferedReaderin=null;StringBuilderresult=newSt
How to solve the problem that NGINX reverse proxy returns 405 for POST request of HTML page
May 22, 2023 pm 07:49 PM
实现如下:server{listen80;listen443ssl;server_namenirvana.test-a.gogen;ssl_certificate/etc/nginx/ssl/nirvana.test-a.gogen.crt;ssl_certificate_key/etc/nginx/ssl/nirvana.test-a.gogen.key;proxy_connect_timeout600;proxy_read_timeout600;proxy_send_timeout600;c
PHP code example: How to use POST to pass parameters and implement page jumps
Mar 07, 2024 pm 01:45 PM
Title: PHP code example: How to use POST to pass parameters and implement page jumps In web development, it often involves the need to pass parameters through POST and process them on the server side to implement page jumps. PHP, as a popular server-side scripting language, provides a wealth of functions and syntax to achieve this purpose. The following will introduce how to use PHP to implement this function through a practical example. First, we need to prepare two pages, one to receive POST requests and process parameters
