PHP输出反斜杠 [英] PHP outputting back slashes

问题描述

可能的重复:
为什么要添加转义字符到隐藏输入的值

我正在从数据库中的表中查询用户帖子.当我输出它们并且如果它们包含撇号时，会在撇号前插入一个反斜杠.

I am querying user posts from a table in my database. When I output them and if they contain an apostrophe, a backslash is inserted before the apostrophe.

为什么要这样做?我该怎么做才能解决这个问题?

Why is it doing this? What can I do to fix this problem?

示例:

I'm hiking in Colorado's Mountains.

I\'m hiking in Colorado\'s Mountains.

推荐答案

两个可能的原因:

原因一:

您在服务器上启用了魔术引号.要测试魔术引号，只需使用这段代码:

You have magic quotes enabled on your server. To test for magic quotes, simply use this piece of code:

if(get_magic_quotes_gpc()){
    echo 'Magic quotes are enabled...';
}

如果启用了魔术引号，您需要禁用它们(并向您的网络主机投诉).PHP 手册有一个页面专门用于禁用魔术引号.

If magic quotes are enabled, you'll need to disable them (and complain to your web host about it). The PHP manual has a page dedicated to disabling magic quotes.

原因二:

您(或您的输入函数之一)正在使用 addlashes() 来防止 SQL 注入.这是不安全的.准备好的语句(使用 PDO 或 mysqli)是唯一可以接受的防止 SQL 注入的方法.

You (or one of your input functions) is using addslashes() as protection against SQL injection. This is not secure. Prepared statements (with PDO or mysqli) are the only acceptable means of protection against SQL injection.

这篇关于PHP输出反斜杠的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！