Wordpress 数据库输出 - 删除 SQL 注入转义 [英] Wordpress Database Output - Remove SQL Injection Escapes
问题描述
我在使用 $wbdb 时遇到问题.当我使用 $wpdb->insert 或 $wpdb->update 插入或更新数据时,SQL 注入保护实际上将 \' 插入到数据库中,并且在输出该信息时,它带有 SQL 转义符.(即:我的价值转义了).
I'm having a problem using $wbdb. When I insert or update data using $wpdb->insert or $wpdb->update, the SQL injection protection actually inserts the \' into the database, and when outputting that information it has the SQL escape with it. (ie: My Value\'s Escaped).
我知道必须有一种方法可以使用 wordpress 函数来避免这种情况,但是我在搜索 google 和 wordpress codex 时找不到它....那么这个函数是什么,或者我做错了什么(似乎 '\' 一开始就不应该真正进入数据库)谢谢!
I know there's gotta be a way to escape this using a wordpress function, but I haven't been able to find it searching google and the wordpress codex. ...So what's that function, or what am I doing wrong (seems like the '\' shouldn't really get to the database in the first place) Thanks!
推荐答案
看起来好像 magic_quotes
在您使用的服务器上启用.
It looks as if magic_quotes
are enabled on the server you are using.
有许多 SO 问题和答案涉及它们是什么,它们为什么不好,以及如何摆脱它们,所以我不会在这里明确解释,但建议您查看一些以下内容:
There are a number of SO questions and answers that deal with what they are, why they're bad, and how to get rid of them, so I won't explicitly explain here, but suggest you look at a few of the following:
这篇关于Wordpress 数据库输出 - 删除 SQL 注入转义的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!