Mysql Real Escape字符串PHP函数添加"\"到我的字段输入 [英] Mysql Real Escape String PHP Function Adding "\" to My Field Entry

问题描述

我正在使用PHP向MySQL数据库提交表单.

I am submitting a form to my MySQL database using PHP.

我正在通过mysql_real_escape_string($content)函数发送表单数据.

I am sending the form data through the mysql_real_escape_string($content) function.

当条目显示在我的数据库中(在phpMyAdmin中检查)时，我所有的双引号和单引号均被转义.

When the entry shows up in my database (checking in phpMyAdmin) all of my double quotes and single quotes are escaped.

我确定这是PHP配置问题吗?

I'm fairly certain this is a PHP configuration issue?

如此:

$content = 'Hi, my name is Jascha and my "favorite" thing to do is sleep';
mysql_real_escape_string($content);
$query = 'INSERT INTO DB...'

在我的数据库中显示为:

comes up in my database as:

我叫Jascha，我最喜欢做的事情是睡觉

Hi, my name is Jascha and my \"favorite" thing to do is sleep

我该告诉谁该怎么办? (我无法访问php.ini).

Who do I tell what to do? (I cannot access the php.ini).

推荐答案

在检索请求数据时，您需要考虑魔术引号.如果 get_magic_quotes_gpc() 是true，则您需要在输入上运行 stripslashes() .最好的方法是为此编写一个函数.像这样:

You need to take magic quotes into account when retrieving request data. If get_magic_quotes_gpc() is true, then you need to run stripslashes() on the input. Best way would be to write a function for that. Something like:

function get_string($array, $index, $default = null) {
    if (isset($array[$index]) && strlen($value = trim($array[$index])) > 0) {
        return get_magic_quotes_gpc() ? stripslashes($value) : $value;
    } else {
        return $default;
    }
}

..您可以用作

$input = get_string($_POST, 'input');

..而不是

$input = $_POST['input'];

对诸如get_number()，get_boolean()，get_array()之类的琐碎内容进行相同的操作.

Do the same for trivial stuff like get_number(), get_boolean(), get_array() and so on.

这篇关于Mysql Real Escape字符串PHP函数添加"\"到我的字段输入的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！