将序列化数据转义和插入到 MySQL [英] Escaping and Inserting Serialized Data to MySQL

问题描述

我以以下数据为例:

$a = addslashes('hello\'s');
$b = serialize($a);

// As you know, $b looks like this s:8:"hello\'s";

现在，当我将 $b 插入 MySQL 时，数据现在看起来像这样 s:8:"hello's" 在 MySQL 中.MySQL 删除了 \，现在我有一个无效的序列化数据.

Now when I insert $b to MySQL, the data now looks like this s:8:"hello's" inside MySQL. MySQL removes the \ and now I have an invalid serialized data.

解决此问题的最佳方法是什么?谢谢

What's the best way to fix this? Thanks

推荐答案

首先序列化你想要的值然后使用mysql_real_escape_string.毕竟，这就是您要放入数据库的字符串.尽量避免加斜杠...

First serialize the value you want and then use the mysql_real_escape_string. That's the string you are going to put in the database after all. Try to avoid addslashes...

如果你当时不想有活动连接，试试这个功能:

If you don't want to have an active connection at the time, try this function:

function mysql_escape_no_conn( $input ) { 

    if( is_array( $input ) ) {
        return array_map( __METHOD__, $input ); 
    }
    if( !empty( $input ) && is_string( $input ) ) { 
        return str_replace( array( '\\', "\0", "\n", "\r", "'", '"', "\x1a" ), 
                            array( '\\\\', '\\0', '\\n', '\\r', "\\'", '\\"', '\\Z' ),
                            $input ); 
} 

return $input; 

}

这篇关于将序列化数据转义和插入到 MySQL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！