ThinkPHP's solution to automatic escaping by default when submitting a form

This article mainly introduces the solution to the default automatic escaping of ThinkPHP when submitting a form. It can solve the problem of automatic transfer of single quotes and double quotes. It provides two solutions for everyone to compare and choose, which has certain practical value. , Friends who need it can refer to

The example in this article describes the solution to the default automatic escaping when submitting a form in ThinkPHP. Share it with everyone for your reference. The specific method is as follows:

1. Question:

When submitting a form to insert data in ThinkPHP, single quotes and double quotes will be automatically escaped, that is Backslashes will be added automatically, but I don’t want to add backslashes to single quotes and double quotes.

When submitting a form to insert data in ThinkPHP, single quotes and double quotes will be automatically converted. Meaning, backslashes will be automatically added, but I don’t want to add backslashes to single quotes and double quotes. When submitting a form to insert data in ThinkPHP, single quotes and double quotes will be automatically escaped. , it will automatically add backslashes, but I don’t want to add backslashes to single quotes and double quotes. For example: hds"gh"j'g'h will be automatically escaped to: hds\"gh\" j\'g\'h.

Please note that what you need is to cancel this escaping function, rather than using the stripslashes() function to delete these backslashes, that is, you do not need the official automatic escaping function. .

2. Solution:

Search the Internet for the solution:

1. In the thinkphp directory, open ThinkPHP\Lib\ in sequence Driver\Db directory, and modify the escapeString function in the dbmysql.class.php file to:

##Copy code The code is as follows:

public function escapeString($str) {  
//修改 周蛮子 放双引号双重转义  
if (!get_magic_quotes_gpc()){  
if($this->_linkID) {  
return mysql_real_escape_string($str,$this->_linkID);  
}else{  
return mysql_escape_string($str);  
}  
} else {  
return $str;  
}  
}

Original function:

Copy code The code is as follows:

public function escapeString($str) {  
//修改 周蛮子 放双引号双重转义  
if($this->_linkID) {  
return mysql_real_escape_string($str,$this->_linkID);  
}else{  
return mysql_escape_string($str);  
}  
}

2. Add:

to the public file Copy the code The code is as follows:

//防止双重转义  
if (get_magic_quotes_gpc()) {  
function stripslashes_deep($value){  
$value = is_array($value) ?  
array_map('stripslashes_deep', $value) :  
stripslashes($value);  
return $value;  
}  
$_POST = array_map('stripslashes_deep', $_POST);  
$_GET = array_map('stripslashes_deep', $_GET);  
$_COOKIE = array_map('stripslashes_deep', $_COOKIE);  
}

Note: If the server enables escaping, then after escaping again through thinkphp, a double-escaping bug will occur in the program

After the modification, there is no problem with the background entry of my website program. It seems that if you encounter using Thinkphp in the future, please note that if the server turns on the filtering of single quotes or double quotes, it may conflict with ThinkPHP. Therefore, adding a layer of judgment can solve this problem very well.

Related recommendations:

Solution to the failure of ThinkPHP automatic verification

thinkphp implements excel data import and export (complete case attached)

The above is the detailed content of ThinkPHP's solution to automatic escaping by default when submitting a form. For more information, please follow other related articles on the PHP Chinese website!