i 上 db2 的 db2_escape_string 替换函数

发布于 2024-11-05 01:25:07 字数 478 浏览 4 评论 0原文

PHP 的 db2_escape_string() 函数使用反斜杠 \ 作为转义字符。不管出于什么原因,我在 i 上的 DB2 实例在转义字符串时需要一个撇号 '。到目前为止我的解决方案是 str_replace():

str_replace("'", "''", $var);

但这变得非常乏味。我正在使用 codeigniter,它在 i 驱动程序上有一个 db2(db2c,如果您感兴趣),它有一个 _prep_query() 函数,可以在执行之前转义我的所有语句,但我不知道用什么来替换 db2_escape_string () 和。我认为存在一些可笑的 preg_replace() 函数可以解决我的问题,但我的正则表达式技能很糟糕。我什至不知道从哪里开始。

或者,如果有人知道如何将 i 上的 DB2 中的转义字符更改为反斜杠,那就可以解决我的问题。 。 。或者我们是否可以禁止英语中使用撇号。

PHP's db2_escape_string() function uses a backslash \ as an escape character. For whatever reason, my instance of DB2 on i expects an apostrophe ' when escaping a string. My solution so far has been str_replace():

str_replace("'", "''", $var);

But that's getting pretty tedious. I'm using codeigniter, which has a db2 on i driver (db2c, if you're interested), which has a _prep_query() function, which could escape all my statements before execution, but I don't know what to replace db2_escape_string() with. I assume there exists some ridiculous preg_replace() function that would solve my problem, but my regex skills are terrible. I don't even know where to begin.

Alternatively, if someone knows how to change the escape character in DB2 on i to a backslash, that would solve my problem . . . or if we could ban apostrophes from the English language.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

沫尐诺 2024-11-12 01:25:07

我建议使用准备好的语句(db2_prepare,后跟 db2_execute) 而不是原始 sql (db2_exec) 作为避免字符串转义的一种方法 问题。您传递给 db2_execute 的参数将以正确的方式自动转义。

如果您遇到编码问题,utf8_decode 可能会有所帮助。

准备好的语句可以防止恶意 SQL 注入的可能性。在 DB2 中,它们还允许您一次插入超过 32k 的数据。

I would suggest using prepared statements (db2_prepare, followed by db2_execute) instead of raw sql (db2_exec) as a way of avoiding the string escape problem. The parameters you pass into db2_execute will be automatically escaped in the correct way.

If you are running into encoding issues, utf8_decode might help.

Prepared statements prevent the possibility of hostile SQL injection. In DB2, they also let you insert more than 32k of data at a time.

慕巷 2024-11-12 01:25:07

如果您可以将转义字符更改为反斜杠,肯定会更好,但我不知道该怎么做...

大概是 PHP 文档中提到的 db2_escape_string 的其他字符(http://nz.php.net /manual/en/function.db2-escape-string.php) 仍然需要用反斜杠转义。

我认为您最好调用 db2_escape_string,然后修复已用反斜杠转义的撇号,而不是尝试在 preg_replace 调用中复制 db2_escape_string 函数的功能。

这似乎对我有用(尽管我不明白为什么我需要 5 个反斜杠而不是 3 个):

$var = db2_escape_string($var);
$var = preg_replace('/\\\\\'/',"''",$var);

Would definitely be better if you could change the escape character to a backslash, but I don't know how to do that so...

Presumably the other characters mentioned in the PHP docs for db2_escape_string (http://nz.php.net/manual/en/function.db2-escape-string.php) would still need to be escaped with a backslash.

Rather than trying to replicate the functionality of the db2_escape_string function in a preg_replace call, I think you're best calling db2_escape_string and then fixing up the apostrophes that have been escaped with a backslash.

This seemed to work for me (though I'm at a loss to understand why I needed 5 backslashes instead of 3):

$var = db2_escape_string($var);
$var = preg_replace('/\\\\\'/',"''",$var);
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文