dreamact3026 2015-07-08 21:23
浏览 59
已采纳

来自MySQL的JSON安全值

I'm using MySQL's GROUP_CONCAT() to generate a JSON string. I then decode it in PHP with json_decode().

I'm already escaping double quotes in the values like this:

REPLACE(COALESCE(`column_name`, ''), '"', '\\\\"')

My problem is that there's some other character in a record that's invalid and causing a JSON_ERROR_SYNTAX (4) when trying to decode. Rather than track down the specific character that's causing this problem, I'd like to apply a more generic solution that makes the values "safe".

This blog solves the problem by using MySQL's HEX() function to encode the value, and then this PHP function on the decode end for each value:

function hexToStr($hex)
{
    $string = '';
    for ($charIter = 0; $charIter < strlen($hex) - 1; $charIter += 2)
    {
        $string .= chr(hexdec($hex[$charIter] . $hex[$charIter + 1]));
    }
    return $string;
}

I'm looking for a solution that requires less work on the decode end. Ideally doing all the work in MySQL.

After three downvotes and close vote, I'm not sure how to better structure my question. I simply want to escape values in MySQL so that they'll be "JSON safe".

  • 写回答

1条回答 默认 最新

  • douqiaotong8682 2015-07-09 16:36
    关注

    Update: I've switch to MariaDB, and am using the COLUMN_JSON function, which takes care of double quote escaping, but not control characters. Here's my new solution.

    Old Solutiong

    Keep the double quote escaping in the query:

    REPLACE(COALESCE(`column_name`, ''), '"', '\\\\"')

    Add this function for escaping the backslash and control characters, but leaving the already escaped double quotes intact:

    /**
 * Makes sure the JSON values built by GROUP_CONCAT() in MySQL are safe for json_decode()
 * Assumes that double quotes are already escaped
 *
 * @param string $mysql_json
 * @return string
 */
function mysql_json_escape($mysql_json)
{
    $rtn = '';
    for ($i = 0; $i < strlen($mysql_json); ++$i) {
        $char = $mysql_json[$i];
        if (($char === '\\') && ($mysql_json[$i + 1] !== '"')) {
            // escape a back slash, but leave escaped double quotes intact
            $rtn .= '\\\\';
        } elseif (($ord = ord($char)) && ($ord < 32)) {
            // hex encode control characters (below ASCII 32)
            $rtn .= '\\u' . str_pad(dechex($ord), 4, '0', STR_PAD_LEFT);
        } else {
            $rtn .= $char;
        }
    }
    return $rtn;
}

    Call it like this:

    $data = json_decode(mysql_json_escape($mysql_json));
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 win10权限管理,限制普通用户使用删除功能
  • ¥15 minnio内存占用过大,内存没被回收(Windows环境)
  • ¥65 抖音咸鱼付款链接转码支付宝
  • ¥15 ubuntu22.04上安装ursim-3.15.8.106339遇到的问题
  • ¥15 求螺旋焊缝的图像处理
  • ¥15 blast算法(相关搜索:数据库)
  • ¥15 请问有人会紧聚焦相关的matlab知识嘛?
  • ¥15 网络通信安全解决方案
  • ¥50 yalmip+Gurobi
  • ¥20 win10修改放大文本以及缩放与布局后蓝屏无法正常进入桌面