Mysql Real Escape字符串PHP函数添加"\"到我的字段输入 [英] Mysql Real Escape String PHP Function Adding "\" to My Field Entry
问题描述
我正在使用PHP向MySQL数据库提交表单.
I am submitting a form to my MySQL database using PHP.
我正在通过mysql_real_escape_string($content)
函数发送表单数据.
I am sending the form data through the mysql_real_escape_string($content)
function.
当条目显示在我的数据库中(在phpMyAdmin中检查)时,我所有的双引号和单引号均被转义.
When the entry shows up in my database (checking in phpMyAdmin) all of my double quotes and single quotes are escaped.
我确定这是PHP配置问题吗?
I'm fairly certain this is a PHP configuration issue?
如此:
$content = 'Hi, my name is Jascha and my "favorite" thing to do is sleep';
mysql_real_escape_string($content);
$query = 'INSERT INTO DB...'
在我的数据库中显示为:
comes up in my database as:
我叫Jascha,我最喜欢做的事情是睡觉
Hi, my name is Jascha and my \"favorite" thing to do is sleep
我该告诉谁该怎么办? (我无法访问php.ini).
Who do I tell what to do? (I cannot access the php.ini).
推荐答案
在检索请求数据时,您需要考虑魔术引号.如果 get_magic_quotes_gpc()
是true
,则您需要在输入上运行 stripslashes()
.最好的方法是为此编写一个函数.像这样:
You need to take magic quotes into account when retrieving request data. If get_magic_quotes_gpc()
is true
, then you need to run stripslashes()
on the input. Best way would be to write a function for that. Something like:
function get_string($array, $index, $default = null) {
if (isset($array[$index]) && strlen($value = trim($array[$index])) > 0) {
return get_magic_quotes_gpc() ? stripslashes($value) : $value;
} else {
return $default;
}
}
..您可以用作
$input = get_string($_POST, 'input');
..而不是
$input = $_POST['input'];
对诸如get_number()
,get_boolean()
,get_array()
之类的琐碎内容进行相同的操作.
Do the same for trivial stuff like get_number()
, get_boolean()
, get_array()
and so on.
这篇关于Mysql Real Escape字符串PHP函数添加"\"到我的字段输入的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!