Detailed analysis and explanation of php addslashes function_PHP tutorial

Syntax: string addslashes(string str);
Content description
This function adds slashes to the quoted part of the string that needs to be processed by the database, so that the database query can operate smoothly. The characters that will be changed include single quotes ('), double quotes ("), backslash () and the null character NUL (the null byte).
============ ================================================== ==
1, the performance of addslashes in form submission first depends on the value of get_magic_quotes_gpc(), which is usually 1. At this time, the content submitted from will be automatically added. Slash. </strong>For example, input ' becomes ' , " becomes " , becomes \ <br>Example: <br>PHP code: <br><br><br></p> <div class="codetitle">Copy code<span style="CURSOR: pointer" onclick="doCopy('code48910')"><u> The code is as follows: </u></span> </div><html><head><title>test</title></head> <div class="codebody" id="code48910"><body> <br><FORM action ="" method=post> <br><TEXTAREA name=message rows="18" cols="55" >default text

echo get_magic_quotes_gpc().
" A ".$_POST['message'].
" B ".stripslashes($_POST['message' ]);
?>



Input: include('/home/me/myfile');

Output: 1 A include('/home/me/myfile'); B include('/home/me/myfile');
Summary: When get_magic_quotes_gpc() is equal to 1, if you do not enter the database, then you get The result is with a slash.

2, the performance of addslashes when submitting to the database.
Example:


Copy the code

The code is as follows:

default text

require_once('includes/common.php');
$db->query("INSERT INTO `testtable` ( id , content ) VALUES ('1' , '".$_POST['message']."')");
$query=$db->query("select * from `testtable` where `id` = 1;");
$Result=$db->fetch_array($query);
echo get_magic_quotes_gpc().
" A ".$_POST['message'].
" B ".$Result['content'];
?>



Input: include('/home/me/myfile ');
Output: 1 A include('/home/me/myfile'); B include('/home/me/myfile');

Summary: When get_magic_quotes_gpc() is equal to 1, if After entering the database, when you read it directly from the database, you can get the input string without making any modifications.

3, get_magic_quotes_gpc()

The settings of get_magic_quotes_gpc() on the server cannot be modified at runtime. In other words, you must consider different situations in advance in your web page code. Otherwise, when you submit the data, you still don’t know whether the server added a slash to you. The following two popular functions on the Internet may be what everyone needs. I personally like the second one: PHP code:


Copy code

The code is as follows: function my_addslashes( $message ){

if(get_magic_quotes_gpc()== 1 ){

return $message;
}else{
if(is_array($message) ==true){
while(list($key,$value)=each($message)){
$message[$key]=my_addslashes($value);
}
return $message;
}else{
return addslashes($message);
}
}
}


PHP code:

Copy code

The code is as follows:function my_addslashes($data){

if(!get_magic_quotes_gpc()) {

return is_array($ data)?array_map('AddSlashes',$data):addslashes($data);
} else {
Return $data;
}
}


The simple explanation is that if get_magic_quotes_gpc() is equal to 1 (the server default setting is 1), then our string can be directly stored in the database without modification. Otherwise, we use the addslashes function.

http://www.bkjia.com/PHPjc/320351.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/320351.htmlTechArticle Syntax: string addslashes(string str); Content description: This function removes quotation marks in the string that needs to be processed by the database. Add slashes to the part to allow database query to operate smoothly. This...