Magic quotes in new and old versions of PHP
This code is supposed to ensure that clean code gets to the database.
It is supposed to work in earlier versions of PHP (earlier than 4.3.0) and later versions of PHP (older than 4.3.0).
It works well because the data gets to the database without a problem, but I get an error on the browser.

    $menu_name = mysql_prep($_POST['menu_name']);

is how I call the mysql_prep function.

    function mysql_prep($value)
    {
        $get_magic_quotes = get_magic_quotes_gpc();
        // mysql_real_escape_string() exists only in PHP 4.3.0 and later
        $new_enough_php = function_exists("mysql_real_escape_string");
        if ($new_enough_php) // PHP is a newer version
        {
            // undo the magic quotes effect so that mysql_real_escape_string can work well
            if ($get_magic_quotes)
            {
                $value = stripslashes($value);
            }
            $value = mysql_real_escape_string($value);
        }
        else // PHP is older than 4.3.0
        {
            // add slashes manually if magic quotes are off
            if (!$get_magic_quotes)
            {
                $value = addslashes($value);
            }
            // if magic quotes are on, the slashes already exist
        }
        return $value;
        //$value = mysql_real_escape_string($value);
        //$value_without_slashes = stripslashes ($value);
        //return $value_without_slashes;
    }

Comments (2)
For starters, that function could be shortened to about 5 lines (it would be easier to read, too).
Secondly, are you connected to MySQL when you call that function? You must be connected for PHP to know how/what to escape. It's not 100% clear from the manual for mysql_real_escape_string, but it is implied:
If that still doesn't solve it, I suggest printing the query prior to executing it and checking everything is in order.

You shouldn't do that inside a DB method. If you're running PHP 5.3+, you can place this code at the top of your page:
It handles magic quotes in keys, values and multi-dimensional arrays.
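
An added example, not code from the question or from either comment: it undoes magic quotes once at the top of the page, covering keys, values and nested arrays as the second comment describes, and then goes a step beyond the thread by passing the value to the database as a bound parameter instead of escaping it by hand. The function names, the sample input and the in-memory SQLite database standing in for MySQL are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread; all function names are hypothetical.
// Written in PHP 5.3-compatible syntax so it also parses where magic quotes exist.

// True only on legacy runtimes that still have magic_quotes_gpc switched on.
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Recursively undo magic-quotes escaping in keys, values and nested arrays.
function strip_magic_slashes(array $data)
{
    $clean = array();
    foreach ($data as $key => $value) {
        $key = is_string($key) ? stripslashes($key) : $key;
        if (is_array($value)) {
            $clean[$key] = strip_magic_slashes($value);
        } else {
            $clean[$key] = is_string($value) ? stripslashes($value) : $value;
        }
    }
    return $clean;
}

// Once, at the top of the page, before any other code reads the input.
if (magic_quotes_active()) {
    $_GET    = strip_magic_slashes($_GET);
    $_POST   = strip_magic_slashes($_POST);
    $_COOKIE = strip_magic_slashes($_COOKIE);
}

// Constructed sample: the shape $_POST would have with magic quotes on.
$sample = array(
    'menu_name' => 'Today\\\'s specials',
    'items'     => array('chef\\\'s pick' => array('say \\"hello\\"')),
);
$clean = strip_magic_slashes($sample);
var_export($clean);

// The database layer then binds the raw value; no slashes are added by hand.
// SQLite in memory stands in for MySQL so the example runs offline (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE menus (menu_name TEXT)');
$stmt = $db->prepare('INSERT INTO menus (menu_name) VALUES (:menu_name)');
$stmt->execute(array(':menu_name' => $clean['menu_name']));
echo "\n", $db->query('SELECT menu_name FROM menus')->fetchColumn(), "\n";
```

Because the input is normalized exactly once at the entry point, the database code never has to guess whether slashes are already present, which is the double-escaping risk a helper like mysql_prep has to work around.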