Backend Development
PHP Tutorial
The string changed during the transfer process, string transfer_PHP tutorial
The string changed during the transfer process, string transfer_PHP tutorial
字符串在传递过程中发生了变化,字符串传递
情况描述:
前端输入的内容是:;?9W/U\|"s6u|:M
然而传递到后端再保存到数据库时就成了:;?9W/U|"s6u|:M
这是为什么呢?
这是怎么回事呢?
1:我发现在insert到数据库之前都还是正确的
2:然后单独使用heidisql工具去更改这个值,它显示的sql语句是:
<code><span class="sql1-reservedword"> UPDATE<span class="sql1-space"> <span class="sql1-delimitedidentifier">`bitstorm_http_node`<span class="sql1-symbol">.<span class="sql1-delimitedidentifier">`config_user_pwd`<span class="sql1-space"> <span class="sql1-reservedword">SET<span class="sql1-space"> <span class="sql1-delimitedidentifier">`Password`<span class="sql1-symbol">=<span class="sql1-string">';?9W/U\\|"s6u|:M'<span class="sql1-space"> <span class="sql1-reservedword">WHERE<span class="sql1-space"> <span class="sql1-delimitedidentifier">`Id`<span class="sql1-symbol">=<span class="sql1-number">14<span class="sql1-symbol">; </span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></code>
我们发现程序在insert操作之前,它在值中添加了转义付去转义特殊符号'\'
可以究竟为什么会转义?难道是字符串的单引号双引号在作祟吗?
如果把字符放在单引号'之间,除了单引号本身'之外的绝大多数字符会解释成和写在代码中一样的形式。
放在双引号之间的字符串支持插入替换(内嵌在字符串中的变量会被替换成其内容),而且也会替换转义字符,例如用换行符替换\n,用tab替换\t,\换成\\。同样,\|它会解释成|
如果把上面的PHP中的代码的sql置于单引号中,则会是无效的sql语句:
Invalid query
INSERT INTO `bitstorm_http_node`.`config_user_pwd` (`Id`, `Domain_Name`, `Username`, `Password`) VALUES (0, "mdc-mon-tg-zabvip01.ubisoft.onbe", "cheng.wang", ";?9W/U\|"s6u|:M");
解决办法:
在PHP中:并不是每一段被转义的数据都要插入数据库的,如果所有进入 PHP 的数据都被转义的话,那么会对程序的执行效率产生一定的影响,会产生性能问题。
在运行时调用转义函数(如 addslashes())更有效率。
所以很明显,这里插入数据库我们需要转义,所以在需要转义的地方调用addslashes()函数来手动转义即可
<span>$pwd</span> = <span>addslashes</span>(<span>$pwd</span><span>);/<span><strong><span>/加这行代码后保存到数据库就对了,OK,解决问题
</span></strong></span></span><span>if</span>(<span>$zabbixHelper</span>==<span>false</span><span>){
</span><span>return</span> <span>$this</span>->returnError("Invalid input: Can not login zabbix using this username and password."<span>);
}
</span><span>$sql</span> = "INSERT INTO `bitstorm_http_node`.`config_user_pwd` (`Id`, `Domain_Name`, `Username`, `Password`) VALUES (0, '" . <span>$domainName</span> . "', '" . <span>$username</span> . "', '" . <span>$pwd</span> . "');"<span>;
</span><span>$this</span>->callSqlQuery(<span>$sql</span>));
最后,在PHP中,有时候json编码后也需要转义:
$parameters = addslashes(json_encode($args));
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1378
52
PHP and Vue: a perfect pairing of front-end development tools
Mar 16, 2024 pm 12:09 PM
PHP and Vue: a perfect pairing of front-end development tools. In today's era of rapid development of the Internet, front-end development has become increasingly important. As users have higher and higher requirements for the experience of websites and applications, front-end developers need to use more efficient and flexible tools to create responsive and interactive interfaces. As two important technologies in the field of front-end development, PHP and Vue.js can be regarded as perfect tools when paired together. This article will explore the combination of PHP and Vue, as well as detailed code examples to help readers better understand and apply these two
Detailed explanation of the method of converting int type to string in PHP
Mar 26, 2024 am 11:45 AM
Detailed explanation of the method of converting int type to string in PHP In PHP development, we often encounter the need to convert int type to string type. This conversion can be achieved in a variety of ways. This article will introduce several common methods in detail, with specific code examples to help readers better understand. 1. Use PHP’s built-in function strval(). PHP provides a built-in function strval() that can convert variables of different types into string types. When we need to convert int type to string type,
How to repeat a string in python_python repeating string tutorial
Apr 02, 2024 pm 03:58 PM
1. First open pycharm and enter the pycharm homepage. 2. Then create a new python script, right-click - click new - click pythonfile. 3. Enter a string, code: s="-". 4. Then you need to repeat the symbols in the string 20 times, code: s1=s*20. 5. Enter the print output code, code: print(s1). 6. Finally run the script and you will see our return value at the bottom: - repeated 20 times.
How to check if a string starts with a specific character in Golang?
Mar 12, 2024 pm 09:42 PM
How to check if a string starts with a specific character in Golang? When programming in Golang, you often encounter situations where you need to check whether a string begins with a specific character. To meet this requirement, we can use the functions provided by the strings package in Golang to achieve this. Next, we will introduce in detail how to use Golang to check whether a string starts with a specific character, with specific code examples. In Golang, we can use HasPrefix from the strings package
Questions frequently asked by front-end interviewers
Mar 19, 2024 pm 02:24 PM
In front-end development interviews, common questions cover a wide range of topics, including HTML/CSS basics, JavaScript basics, frameworks and libraries, project experience, algorithms and data structures, performance optimization, cross-domain requests, front-end engineering, design patterns, and new technologies and trends. . Interviewer questions are designed to assess the candidate's technical skills, project experience, and understanding of industry trends. Therefore, candidates should be fully prepared in these areas to demonstrate their abilities and expertise.
How to intercept a string in Go language
Mar 13, 2024 am 08:33 AM
Go language is a powerful and flexible programming language that provides rich string processing functions, including string interception. In the Go language, we can use slices to intercept strings. Next, we will introduce in detail how to intercept strings in Go language, with specific code examples. 1. Use slicing to intercept a string. In the Go language, you can use slicing expressions to intercept a part of a string. The syntax of slice expression is as follows: slice:=str[start:end]where, s
PHP string manipulation: a practical way to effectively remove spaces
Mar 24, 2024 am 11:45 AM
PHP String Operation: A Practical Method to Effectively Remove Spaces In PHP development, you often encounter situations where you need to remove spaces from a string. Removing spaces can make the string cleaner and facilitate subsequent data processing and display. This article will introduce several effective and practical methods for removing spaces, and attach specific code examples. Method 1: Use the PHP built-in function trim(). The PHP built-in function trim() can remove spaces at both ends of the string (including spaces, tabs, newlines, etc.). It is very convenient and easy to use.
Exploring Go language front-end technology: a new vision for front-end development
Mar 28, 2024 pm 01:06 PM
As a fast and efficient programming language, Go language is widely popular in the field of back-end development. However, few people associate Go language with front-end development. In fact, using Go language for front-end development can not only improve efficiency, but also bring new horizons to developers. This article will explore the possibility of using the Go language for front-end development and provide specific code examples to help readers better understand this area. In traditional front-end development, JavaScript, HTML, and CSS are often used to build user interfaces
