The addslashes() function returns a string with backslashes added before predefined characters.
The predefined characters are:
Single quotation mark (')
Double quotation mark (")
Backslash (\)
NUL (the NULL byte)
Tip: This function can be used to prepare strings for use in database query statements.
Note: By default, PHP automatically runs addslashes() on all GET, POST, and COOKIE data (magic quotes), so you should not call addslashes() again on strings that are already escaped, because this causes double escaping. You can use get_magic_quotes_gpc() to detect whether this is the case.
This article explains the PHP addslashes() function and SQL injection prevention, with an example of using addslashes() to guard against SQL injection. It is a useful reference for secure PHP program design. The detailed analysis is as follows:
addslashes() automatically adds a backslash before single and double quotes, so that data can be stored in the database safely rather than being exploited by an attacker. For addcslashes(), the parameter 'a..z' defines that all letters in the range a..z are escaped. The code is as follows:
echo addcslashes('foo[ ]', 'a..z');           // output: \f\o\o[ ] (every letter in the range a..z gets a backslash)
$str = "is your name o'reilly?";              // define a string that contains a character needing escaping
echo addslashes($str);                         // output the escaped string: is your name o\'reilly?
$str = "<a href='test'>test</a>";              // define a string containing special characters
$new = htmlspecialchars($str, ENT_QUOTES);     // convert special characters to entities (ENT_QUOTES also converts single quotes; the constant is upper-case)
echo $new;                                     // output the converted result
// Decoding is needed when the entities have to be output again as HTML:
$str = "jane &amp; &#039;tarzan&#039;";        // define an HTML string containing entities (the entities are restored here; extraction had already decoded them)
echo html_entity_decode($str);                 // output the decoded content (before PHP 8.1 the default flags leave &#039; undecoded)
echo "<br/>";
echo html_entity_decode($str, ENT_QUOTES);     // with the optional flag, &#039; is decoded as well
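As an added example (not code from the original article), the block below escapes a value exactly once, undoing magic-quotes escaping first so the double escaping described in the note above cannot occur, and then shows the preferred alternative, a PDO prepared statement, which needs no escaping at all and, unlike the charset-unaware addslashes(), is the safe way to pass user input to a database. The users table, the $pdo connection and the function names are assumptions; get_magic_quotes_gpc() is guarded with function_exists() because magic quotes were removed in PHP 5.4 and the function itself in PHP 8.0.

```php
<?php
// Added example; the users table, the $pdo connection and the function names are assumed.

// Return the raw user input: if magic_quotes_gpc added slashes, strip them first.
// get_magic_quotes_gpc() no longer exists in PHP 8, hence the function_exists() guard.
function raw_input(string $value): string
{
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Quote a value exactly once for use as a single-quoted SQL string literal.
function sql_quote(string $value): string
{
    return "'" . addslashes(raw_input($value)) . "'";
}

// Preferred: bind the value through a prepared statement instead of escaping it.
// Call this with an already-opened PDO connection, e.g. find_user($pdo, $_GET['name']).
function find_user(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT * FROM users WHERE name = ?');
    $stmt->execute([raw_input($name)]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$name = "o'reilly";                              // constructed sample input
echo 'SELECT * FROM users WHERE name = ' . sql_quote($name), "\n";

// What double escaping looks like when addslashes() runs on data that is
// already escaped (as it would be if magic quotes had processed it first):
$already = addslashes($name);
echo addslashes($already), "\n";                 // the backslash itself is escaped again
```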
The above is the detailed content of Detailed explanation of addslashes function and SQL injection prevention in PHP. For more information, please follow other related articles on the PHP Chinese website!