About the function analysis of addcslashes and stripcslashes in PHP

This article mainly introduces the usage of addcslashes and stripcslashes functions in PHP. It analyzes the addcslashes function in the form of examples to add escape processing for fixed characters and restore stripcslashes related techniques. Friends in need can refer to the following

This article analyzes the usage of addcslashes and stripcslashes functions in PHP with examples. Share it with everyone for your reference. The details are as follows:

When writing the English version of a website, I fill in the English information after writing. There is no problem when I fill it in casually, but whenever I fill in the specified content But it couldn't be filled in, and no error was reported. I checked the database and found that this field used the "TEXT" data type. I thought it was because the content was too long, so I changed the data type to "longtext", but When submitting, I found that the same problem still occurred. Let's introduce the addcslashes function to you!

Later, I asked my colleagues for help, and they discovered that the reason for the punctuation "'" in English is that after MySQL executes here, it automatically thinks that the statement has ended, so I can't add it. superior. Now that you have found the problem, you have to find the corresponding solution, which is to add the escape character "\" before all "'" in the text content. It just so happens that PHP provides the ability to automatically add or remove escape characters from the string. The function addcslashes and stripcslashes of defined characters, so after adding the test, the problem was solved! It can be seen that I am not strict enough when writing programs on weekdays, and always ignore such and such details. If a HACKER discovers these problems and exploits them, The website is basically OVER, so everyone must take this as a warning and don’t make the same mistake as me.

The following is a brief introduction to the usage of these two functions:

string addcslashes(string str,string charlist)

The first parameter str is to be Lost property original string

The second parameter charlist specifies which characters of the original string need to be preceded by the character "\".

string stripcslashes(string str)

Remove "\" in the string.

In addition, you can use the addslashes function to directly escape "'".

The example is as follows:

<?php
$sql = "update book set bookname=&#39;let&#39;s go&#39; where bookid=1";
 echo $sql."<br/>";
 $new_sql = addcslashes($sql,"&#39;");
 echo $new_sql."<br/>";
 $new_sql_01 = stripcslashes($new_sql);
 echo $new_sql_01."<br/>";
 echo addslashes($sql);
?>

The running result is as follows:

update book set bookname='let's go' where bookid=1
update book set bookname=\'let\'s go\' where bookid=1
update book set bookname='let's go' where bookid=1
update book set bookname=\'let\'s go\' where bookid=1

The above is the entire content of this article. I hope it will be helpful to everyone's study. For more related content, please pay attention to the PHP Chinese website!

Related recommendations:

About the usage of PHP template engine Smarty built-in functions section and sectionelse

How to use PHP template engine Smarty built-in functions section and sectionelse ob_start() Clear output and selective output

The above is the detailed content of About the function analysis of addcslashes and stripcslashes in PHP. For more information, please follow other related articles on the PHP Chinese website!