dqcuq4138 2011-03-08 05:31
浏览 29

从PHP中的mysql_real_escape_string输出中去除斜杠

I have something like this: $foo = mysql_real_escape_string($_GET["t"]). Let's assume t = Stack's Overflow.

In this case, I echo $foo, and it would return something like Stack\\\'s Overflow. How do I stop this behavior and have $foo equal what it would be if I hadn't escaped it?

Even with strip_slashes() I still get one last slash.

This is how my string goes:

  1. Typed into search box
  2. Posts to a file where it is mysql_real_escape_string()'d
  3. Redirects to search?term=string
  4. mysql_real_escapes it again in case of $_GET manipulation
  5. Searches through database for that string. It is stored mysql_real_escape_string()'d from when it was created. So it would look like Stack\'s in the database.

The string gets all the way to the last page as Stack\'s (which is what it should be). However, the query returns no results like that, even though that's the exact way it looks in the database.

Edit:

Also, it screws up when it hits an ampersand. Like if I had t = Stack & Overflow then it would only store Stack in the variable $foo.

  • 写回答

2条回答 默认 最新

  • dtkz3186 2011-03-08 05:45
    关注

    Either disable magic quotes or strip slashes from the GET variable before escaping it.

    评论

报告相同问题?

悬赏问题

  • ¥15 使用ue5插件narrative时如何切换关卡也保存叙事任务记录
  • ¥20 软件测试决策法疑问求解答
  • ¥15 win11 23H2删除推荐的项目,支持注册表等
  • ¥15 matlab 用yalmip搭建模型,cplex求解,线性化处理的方法
  • ¥15 qt6.6.3 基于百度云的语音识别 不会改
  • ¥15 关于#目标检测#的问题:大概就是类似后台自动检测某下架商品的库存,在他监测到该商品上架并且可以购买的瞬间点击立即购买下单
  • ¥15 神经网络怎么把隐含层变量融合到损失函数中?
  • ¥15 lingo18勾选global solver求解使用的算法
  • ¥15 全部备份安卓app数据包括密码,可以复制到另一手机上运行
  • ¥20 测距传感器数据手册i2c