PHP“添加斜杠”行为不符合预期
这已经让人发疯了,但我似乎找不到答案。我们运行一个技术知识库,有时会包含用于映射到网络驱动器的 Windows samba 路径。
例如: \\servername\sharename
当我们包含后面有两个反斜杠的路径时,运行“addslashes”时它们不会正确转义。我的预期结果是“\\\\servername\\sharename”,但它返回“\\servername\\sharename”。显然,当稍后运行“stripslashes”时,双反斜杠前缀只是一个斜杠。我还尝试使用 str_replace("\\", "\", $variable); 但它返回 "\servername\当我期望“\\servername\sharename”时。
因此,使用addslashes,它会忽略第一组双反斜杠,而使用str_replace,它会将双反斜杠更改为单个编码反斜杠。
我们需要运行addslashes和stripslashes来插入数据库;使用 pg_escape_string 在我们的具体情况下不起作用。
它在 Apache 上的 PHP 5.3.1 上运行。
编辑:示例代码$variable = '在标有文件夹类型的框中:\\servername\sharename';echo addslashes($variable);
这将返回: 在标有文件夹类型的框中:\\servername\\sharename
编辑:示例代码#2$variable = '在标有文件夹类型的框中:\\servername\sharename';echo str_replace('\\', '\', $variable);
这将返回:在标有文件夹类型的框中:\servername\sharename
我还想指出,使用单引号或双引号不会给我带来不同的结果(如您所料)。使用其中之一或两者都会得到相同的确切结果。
有人对我能做什么有什么建议吗?
This has been driving be crazy, but I can't seem to find an answer. We run a technical knowledge base that will sometimes include Windows samba paths for mapping to network drives.
For example: \\servername\sharename
When we include paths that have two backslashes followed by each other, they are not escaped properly when running 'addslashes'. My expected results would be "\\\\servername\\sharename", however it returns "\\servername\\sharename". Obviously, when running 'stripslashes' later on, the double backslash prefix is only a single slash. I've also tried using a str_replace("\\", "\", $variable); however it returns "\servername\sharename" when I would expect "\\servername\sharename".
So with addslashes, it ignores the first set of double-backslashes and with str_replace it changes the double-backslashes into a single, encoded backslash.
We need to run addslashes and stripslashes for database insertion; using pg_escape_string won't work in our specific case.
This is running on PHP 5.3.1 on Apache.
EDIT: Example Code$variable = 'In the box labeled Folder type: \\servername\sharename';echo addslashes($variable);
This returns: In the box labeled Folder type: \\servername\\sharename
EDIT: Example Code #2$variable = 'In the box labeled Folder type: \\servername\sharename';echo str_replace('\\', '\', $variable);
This returns: In the box labeled Folder type: \servername\sharename
I'd also like to state that using a single quotes or double-quotes does not give me different results (as you would expect). Using either or both give me the same exact results.
Does anyone have any suggestions on what I can possibly do?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
我想我知道问题出在哪里了。只要尝试运行这个:
这个
PHP 即使使用单引号也会转义双斜杠,因为它是用来转义单引号的。
I think I know where is a problem. Just try to run this one:
And this one
PHP escapes double slashes even with single quotes, because it is used to escape single quote.
对您描述的问题进行测试,我获得您想要的行为的唯一方法是将条件与正则表达式结合起来,并预测开头的双斜杠。
输出:
虽然这可能不是一个彻底的答案,但它确实有效,并说明了这两种结构处理转义字符的差异。如果使用的话,!可以使用另一个正则表达式轻松替换为所需的字符。
Ran a test on the problem you described, and the only way I could get the behavior you desired was to couple a conditional with a regex and anticipate the double slashes at the start.
This outputs:
While this may not be an outright answer, it does work and illustrates a difference in how the escape character is treated by these two constructs. If used, the ! could easily be replaced with the desired characters using another regex.
这不是
addslashes的问题,而是您将字符串分配给变量的方式的问题。这将返回: 在标有文件夹类型的框中:\servername\sharename
这是因为双反斜杠被解释为转义反斜杠。请改用此作业。
This is not a problem with
addslashes, it is a problem with the way you are assigning the string to your variable.This returns: In the box labeled Folder type: \servername\sharename
This is because the double backslash is interpreted as an escaped backslash. Use this assignment instead.
经过更多测试,我确定这确实与 PHP 处理硬编码字符串的方式有关。由于硬编码字符串不是我感兴趣的(我只是将它们用于测试/本示例),因此我创建了一个带有单个文本框和提交按钮的表单。
addslashes可以通过这种方式正确转义 POST 数据。经过更多研究,我确定我遇到的问题是 PostgreSQL 如何接受转义数据。将数据插入 PostgreSQL 数据库后,它将删除实际将数据放入表中时给出的任何转义字符。因此,在拉回数据时,不需要
stripslashes删除转义字符。此问题源于从 PHP 4.1(启用 Magic Quotes)到 PHP 5.3(不推荐使用 Magic Quotes)的代码迁移。在现有系统(PHP4)中,我认为我们没有意识到 Magic Quotes 已打开。因此,所有 POST 数据都已被转义,然后我们在插入之前使用
addslashes再次转义该数据。当它插入到 PostgreSQL 中时,它会删除一组斜杠并保留另一组,因此需要我们在退出时stripslashes。现在,关闭 Magic Quotes 后,我们可以使用addslashes进行转义,但在退出时不需要使用stripslashes。组织和确定问题到底出在哪里非常困难,所以我知道这个答案与我原来的问题有点偏离。不过,我确实感谢所有做出贡献的人。让其他人表达他们的想法总是有助于让你思考你自己可能没有的途径。
I've determined, with more testing, that it indeed is with how PHP is handling hard-coded strings. Since hard-coded strings are not what I'm interested in (I was just using them for testing/this example), I created a form with a single text box and a submit button.
addslasheswould correctly escape the POST'ed data this way.Doing even more research, I determined that the issue I was experiencing was with how PostgreSQL accepts escaped data. Upon inserting data into a PostgreSQL database, it will remove any escape characters it is given when it actually places the data in the table. Therefore,
stripslashesis not required to remove escape characters when pulling the data back out.This problem stemmed from code migration from PHP 4.1 (with Magic Quotes on) to PHP 5.3 (with Magic Quotes deprecated). In the existing system (PHP4), I don't think we were aware that Magic Quotes were on. Therefore, all POST data was being escaped already and then we were escaping that data again with
addslashesbefore inserting. When it got inserted into PostgreSQL, it would strip one set of slashes and leave the other, therefore requiring us tostripslasheson the way out. Now, with Magic Quotes off, we escape withaddslashesbut are not required to usestripslasheson the way out.It was very hard to organize and determine exactly where the problem lay, so I know this answer is a little off to my original question. I do, however, thank everyone who contributed. Having other people sound off on their ideas always helps to make you think on avenues you may not have on your own.