
How to insert into a database and handle escaping with PHP

2025-02-25 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

This article covers how to insert data into a database and handle escaping with PHP. Many people run into this problem in real projects, so the following walks through how to deal with it.

PHP can escape data automatically when inserting into a database through three settings: 1. setting magic_quotes_gpc; 2. enabling magic_quotes_runtime; 3. enabling magic_quotes_sybase.

Operating environment for this article: Windows 7, PHP 7.1, DELL G3 computer

How does PHP insert into the database and handle escaping?

Special string handling when PHP writes to the database (escaping special characters)

When dealing with MySQL, GET and POST data, it is often necessary to escape the quotation marks in the data.

There are three settings in PHP that automatically escape ' (single quote), " (double quote), \ (backslash), and NULL characters.

PHP calls this feature magic quotes, and the three settings are:

magic_quotes_gpc

Affects HTTP request data (GET, POST and COOKIE). Cannot be changed at run time. The default value in PHP is on.

When this is turned on, data passed through GET, POST and COOKIE is automatically escaped.

For example, for test.php?id=abc'de"f

echo $_GET['id']; # will get abc\'de\"f

When magic_quotes_gpc=On is enabled, it has no effect on what is written to the database. For example, if the $_GET['id'] above is written to the database, the stored value is still abc'de"f.

Conversely, with magic_quotes_gpc=Off, if the string contains quotation marks (single or double), writing it directly to MySQL will result in a blank value.

However, if you write it to a file instead of MySQL, it will be abc\'de\"f

magic_quotes_runtime

If turned on, the data returned by most functions that fetch data from external sources, including databases and text files, will be escaped with backslashes. This option can be changed at run time, and the default value in PHP is off.

magic_quotes_sybase

If on, a single quote is escaped with a single quote instead of a backslash. This option completely overrides magic_quotes_gpc. If both options are turned on, only single quotes are escaped, as ''. Double quotes, backslashes, and NULL characters will not be escaped.

The content of my form was originally:

\"\"

Countermeasure 1: modify the php.ini file (how to modify php.ini is not covered here; you can search for it)

Countermeasure 2: undo the escaping.

Step 1: find the data you submitted, such as $_POST['content'], and change it to $content = stripslashes($_POST['content']);

Step 2: replace $_POST['content'] with $content wherever you use it from then on

Step 3: submit to the database; what the database stores is still normal:

When it is read back out, it again becomes

\"\"

(You should know how to solve this, right? Let me say a little more anyway.)

Step 4: filter the content read from the database with stripslashes().

The stripslashes() function removes the backslashes added by the addslashes() function. It is used to clean up data retrieved from a database or an HTML form.

(

If you do not want the following to occur in the PHP page:

Single quotation marks are escaped as \'

Double quotation marks are escaped as \"

Then you can make the following settings to prevent:

Set in php.ini: magic_quotes_gpc = Off)

The summary is as follows:

1. In the case of magic_quotes_gpc=on

We can skip the addslashes() and stripslashes() operations on string data going into and out of the database, and the data will still be displayed normally.

If you do call addslashes() on the input data in this case, then you must use stripslashes() to remove the extra backslashes when you output it.

2. In the case of magic_quotes_gpc=off

You must use addslashes() to process the input data, but you do not need to use stripslashes() to format the output.

This is because addslashes() does not write the backslashes into the database; it only helps MySQL execute the SQL statement.
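
Added example, not part of the original article: magic quotes were deprecated in PHP 5.3 and removed in PHP 5.4, so on current PHP the quoting has to be handled at the query itself. The code below binds the article's sample value through a PDO prepared statement and reproduces the extra-backslash symptom from Step 3 when already-escaped input is stored; the in-memory SQLite database, the posts table and the roundTrip() and check() helpers are assumptions chosen so it runs offline.

```php
<?php
// Added example, not from the original article. Assumes the pdo_sqlite
// extension; an in-memory SQLite database stands in for MySQL so it runs offline.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, content TEXT)'); // hypothetical table

// Hypothetical helper: store $value via a bound parameter, return what the DB holds.
function roundTrip(PDO $pdo, string $value): string
{
    $insert = $pdo->prepare('INSERT INTO posts (content) VALUES (:content)');
    $insert->execute([':content' => $value]);

    $select = $pdo->prepare('SELECT content FROM posts WHERE id = :id');
    $select->execute([':id' => (int) $pdo->lastInsertId()]);
    return (string) $select->fetchColumn();
}

// Hypothetical helper: fail loudly if an expectation does not hold.
function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("unexpected result: $what");
    }
    echo "ok: $what\n";
}

// Constructed sample input: the article's id value exactly as the user typed it.
$raw = 'abc\'de"f';

// Case 1: raw input bound as a parameter. The quotes never reach the SQL text,
// so neither addslashes() on the way in nor stripslashes() on the way out is needed.
check(roundTrip($pdo, $raw) === $raw, 'raw value stored and read back unchanged');

// Case 2: input that was already escaped (by magic_quotes_gpc=On on old PHP, or by
// a manual addslashes()) and then bound. The backslashes are now part of the data.
$escaped = addslashes($raw);
$stored  = roundTrip($pdo, $escaped);
check($stored === $escaped, 'pre-escaped value stored with its backslashes');
check($stored !== $raw, 'stored value differs from what the user typed');
check(stripslashes($stored) === $raw, 'stripslashes() recovers the original');
```

Against MySQL only the DSN changes (a mysql: DSN with an explicit charset); the INSERT and SELECT with their bindings stay the same.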
