提交表单中字符串中的转义字符 [英] Escaped characters in string from submitted form
问题描述
\ - > \\
' - > \'
- > \
我有一个多步骤表单,将数据从一种形式传输到另一种形式。我使用准备的数据保存在数据库中的值。数据库中的值目前看起来像 Paul\'s House 。用户应该有可能在其字符串中使用单引号和双引号。
这是一个简单的示例演示转义效果:
<?php
echo $ _POST ['value'];
?>
< form action =form.phpmethod =postenctype =multipart / form-data>
< input type =hiddenname =valuevalue =保罗之家>
< input type =submitvalue =Next>
< / form>
为什么或谁转义字符串?通过多种形式处理数据的正确方法是什么?在数据库中保存它的正确方法是什么?我应该使用 stripslashes()或者我打开一个大的安全漏洞?
看起来您已经启用了Magic Quotes。
http://www.php.net/manual/en/security.magicquotes.disabling.php
检查如何禁用。
Every time a POST is made I get escaped characters.
\ -> \\
' -> \'
" -> \"
I have a multistep form, which transmits the data from one form to another. I save the values with prepared statments in the database. The values in the database currently look like Paul\'s House. User should have the possiblity to use single and double quotes in their string.
This is a simple example demonstrating the escaping effect:
<?php
echo $_POST['value'];
?>
<form action="form.php" method="post" enctype="multipart/form-data">
<input type="hidden" name="value" value="Paul's House">
<input type="submit" value="Next">
</form>
Why or who escapes the string? What is the correct way for handling data over multiple forms? What is the correct way for saving it in the database? Should I use stripslashes() or I'm opening a big security hole?
Looks like you have Magic Quotes turned on.
http://www.php.net/manual/en/security.magicquotes.disabling.php
Check that out for how to disable.
这篇关于提交表单中字符串中的转义字符的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
