提交表单中字符串中的转义字符 [英] Escaped characters in string from submitted form
问题描述
\ - > \\
' - > \'
- > \
我有一个多步骤表单,将数据从一种形式传输到另一种形式。我使用准备的数据保存在数据库中的值。数据库中的值目前看起来像 Paul\'s House
。用户应该有可能在其字符串中使用单引号和双引号。
这是一个简单的示例演示转义效果:
<?php
echo $ _POST ['value'];
?>
< form action =form.phpmethod =postenctype =multipart / form-data>
< input type =hiddenname =valuevalue =保罗之家>
< input type =submitvalue =Next>
< / form>
为什么或谁转义字符串?通过多种形式处理数据的正确方法是什么?在数据库中保存它的正确方法是什么?我应该使用 stripslashes()
或者我打开一个大的安全漏洞?
看起来您已经启用了Magic Quotes。
http://www.php.net/manual/en/security.magicquotes.disabling.php
检查如何禁用。
Every time a POST is made I get escaped characters.
\ -> \\
' -> \'
" -> \"
I have a multistep form, which transmits the data from one form to another. I save the values with prepared statments in the database. The values in the database currently look like Paul\'s House
. User should have the possiblity to use single and double quotes in their string.
This is a simple example demonstrating the escaping effect:
<?php
echo $_POST['value'];
?>
<form action="form.php" method="post" enctype="multipart/form-data">
<input type="hidden" name="value" value="Paul's House">
<input type="submit" value="Next">
</form>
Why or who escapes the string? What is the correct way for handling data over multiple forms? What is the correct way for saving it in the database? Should I use stripslashes()
or I'm opening a big security hole?
Looks like you have Magic Quotes turned on.
http://www.php.net/manual/en/security.magicquotes.disabling.php
Check that out for how to disable.
这篇关于提交表单中字符串中的转义字符的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!