duanqianpu6499 2011-05-21 20:42
Views: 47
Accepted

The addslashes function adds a slash when I try to retrieve data from the database

I need to enter a string into my database; this string may contain this character: '. I wasn't able to enter it until I used the addslashes() function. However, when trying to display the string manipulated with addslashes() later to the user, it appears with the slash.

$this->adresse = addslashes($this->adresse); // example: L'Arc

When trying to display it later I got: L\'Arc

For inserting into the database I use PDO like this:

$req=$bdd->prepare('Insert into ...

Can you please help me? I want to prevent this character ' in the query, but on the other side I don't want the \ to be shown with the string.


2 answers

  • dsasd12314 2011-05-21 20:46

    addslashes shouldn't be necessary and shouldn't be used when interacting with a database. Preferred over addslashes is whatever quote function the DB driver provides. Preferred over quote functions are prepared statement parameters, which will prevent injection attacks. Moreover, you can't forget parameters, while you can forget to quote. For example:

    // $bdd is an existing PDO connection; property names match the placeholders
    $thing = new StdClass;
    $thing->foo = 'bar';
    $thing->addresse = 'anywhere';
    // the values are bound as parameters, so no quoting or escaping is needed
    $req = $bdd->prepare('INSERT INTO table (addresse, foo) VALUES (:addresse, :foo)');
    $req->execute((array) $thing);


    Not that casting an object to an array and passing that to execute is appropriate for your DAL.

    This answer was selected as the best answer by the asker.
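Added example, not code from the original question or answer: it runs the asker's addslashes()-then-bind sequence beside the answer's bind-only approach and reads both rows back, which shows where the stray backslash comes from. It assumes PDO with the SQLite driver (an in-memory database, so it runs offline) and a table adresses(adresse) standing in for the asker's schema.

```php
<?php
// Added example, not from the original question or answer.
// Assumptions: pdo_sqlite is available; the table/column names are placeholders
// for the asker's real schema.
$bdd = new PDO('sqlite::memory:');
$bdd->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$bdd->exec('CREATE TABLE adresses (id INTEGER PRIMARY KEY, adresse TEXT NOT NULL)');

$input = "L'Arc"; // constructed sample value containing the apostrophe

// One prepared statement reused for both inserts. The bound value never becomes
// part of the SQL text, so nothing on the PHP side has to quote or escape it.
$insert = $bdd->prepare('INSERT INTO adresses (adresse) VALUES (:adresse)');

// (a) The asker's sequence: addslashes() first, then bind. The backslash is now
//     ordinary data, and the driver stores it verbatim. That is the \ seen on display.
$insert->execute([':adresse' => addslashes($input)]);

// (b) The answer's approach: bind the raw value. The driver sends it separately
//     from the query, so the apostrophe is stored as typed and cannot alter the SQL.
$insert->execute([':adresse' => $input]);

// Read both rows back, exactly as a display page would.
$rows = $bdd->query('SELECT id, adresse FROM adresses ORDER BY id')
            ->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
    printf("row %d: %s\n", $row['id'], $row['adresse']);
}

// The parameterised row survives the round trip unchanged.
if ($rows[1]['adresse'] !== $input) {
    throw new RuntimeException('bound parameter changed the stored value');
}

// Output escaping is a separate concern from query parameterisation: escape for
// the output context (here HTML) at display time instead of altering stored data.
echo htmlspecialchars($rows[1]['adresse'], ENT_QUOTES, 'UTF-8'), "\n";
```

Row 1 comes back as `L\'Arc` and row 2 as `L'Arc`; dropping the addslashes() call from the asker's code, as the answer says, is the whole fix.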