$ wpdb-> update或$ wpdb-> insert结果会在引号前添加斜杠 [英] $wpdb->update or $wpdb->insert results in slashes being added in front of quotes

问题描述

这个问题在不同的地方提出过几次，但是我没有找到明确明确的答案.大多数解决方案都涉及人们说要禁用php.ini文件上的魔术引号"(我这样做了)或修改核心WP文件.

This question has been posed a few times in various places, but I haven't found a definative and clear answer. Most solutions involve people saying to disable Magic Quotes on the php.ini file (which I did) or modifying core WP files.

无论如何，问题是这样的:为什么每次我使用$ wpdb-> insert或$ wpdb-> update时，为什么在任何单引号之前都添加一个斜杠.例如:

Anyways, the question is this: why is it everytime I use $wpdb->insert or $wpdb->update a slash gets added before any single quote. So for instance:

我吃了草莓成为我吃了草莓

这是我使用的示例代码:

Here's a sample code I used:

$id = $_POST['id'];
$title = $_POST['title'];
$message = $_POST['message'];

$wpdb->update('table_name', array('id'=>$id, 'title'=>$title, 'message'=>$message), array('id'=>$id))

相同的问题在这里: Wordpress数据库输出-删除SQL注入转义，但是除了禁用魔术引号"之外，它从未得到解决

The same problem was here: Wordpress Database Output - Remove SQL Injection Escapes but it was never solved aside from "disable magic quotes"

推荐答案

在此上度过一天之后，答案如下:

After spending the day on this, the answer is as follows:

Wordpress在$ _POST声明处转义，而不是在实际插入处转义，这很奇怪.

Wordpress escapes at the $_POST declaration, not at the actual insert, which is bizarre.

$id = stripslashes_deep($_POST['id']); //added stripslashes_deep which removes WP escaping.
$title = stripslashes_deep($_POST['title']);
$message = stripslashes_deep($_POST['message']);

$wpdb->update('table_name', array('id'=>$id, 'title'=>$title, 'message'=>$message), array('id'=>$id));

这样做将意味着WP不会在任何引号之前添加斜杠.

Doing this will mean that WP will not add slashes before any quotes.

这篇关于$ wpdb-> update或$ wpdb-> insert结果会在引号前添加斜杠的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！