i 上 db2 的 db2_escape_string 替换函数
PHP 的 db2_escape_string() 函数使用反斜杠 \ 作为转义字符。不管出于什么原因,我在 i 上的 DB2 实例在转义字符串时需要一个撇号 '。到目前为止我的解决方案是 str_replace():
str_replace("'", "''", $var);
但这变得非常乏味。我正在使用 codeigniter,它在 i 驱动程序上有一个 db2(db2c,如果您感兴趣),它有一个 _prep_query() 函数,可以在执行之前转义我的所有语句,但我不知道用什么来替换 db2_escape_string () 和。我认为存在一些可笑的 preg_replace() 函数可以解决我的问题,但我的正则表达式技能很糟糕。我什至不知道从哪里开始。
或者,如果有人知道如何将 i 上的 DB2 中的转义字符更改为反斜杠,那就可以解决我的问题。 。 。或者我们是否可以禁止英语中使用撇号。
PHP's db2_escape_string() function uses a backslash \ as an escape character. For whatever reason, my instance of DB2 on i expects an apostrophe ' when escaping a string. My solution so far has been str_replace():
str_replace("'", "''", $var);
But that's getting pretty tedious. I'm using codeigniter, which has a db2 on i driver (db2c, if you're interested), which has a _prep_query() function, which could escape all my statements before execution, but I don't know what to replace db2_escape_string() with. I assume there exists some ridiculous preg_replace() function that would solve my problem, but my regex skills are terrible. I don't even know where to begin.
Alternatively, if someone knows how to change the escape character in DB2 on i to a backslash, that would solve my problem . . . or if we could ban apostrophes from the English language.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我建议使用准备好的语句(db2_prepare,后跟 db2_execute) 而不是原始 sql (db2_exec) 作为避免字符串转义的一种方法 问题。您传递给 db2_execute 的参数将以正确的方式自动转义。
如果您遇到编码问题,utf8_decode 可能会有所帮助。
准备好的语句可以防止恶意 SQL 注入的可能性。在 DB2 中,它们还允许您一次插入超过 32k 的数据。
I would suggest using prepared statements (db2_prepare, followed by db2_execute) instead of raw sql (db2_exec) as a way of avoiding the string escape problem. The parameters you pass into db2_execute will be automatically escaped in the correct way.
If you are running into encoding issues, utf8_decode might help.
Prepared statements prevent the possibility of hostile SQL injection. In DB2, they also let you insert more than 32k of data at a time.
如果您可以将转义字符更改为反斜杠,肯定会更好,但我不知道该怎么做...
大概是 PHP 文档中提到的 db2_escape_string 的其他字符(http://nz.php.net /manual/en/function.db2-escape-string.php) 仍然需要用反斜杠转义。
我认为您最好调用 db2_escape_string,然后修复已用反斜杠转义的撇号,而不是尝试在 preg_replace 调用中复制 db2_escape_string 函数的功能。
这似乎对我有用(尽管我不明白为什么我需要 5 个反斜杠而不是 3 个):
Would definitely be better if you could change the escape character to a backslash, but I don't know how to do that so...
Presumably the other characters mentioned in the PHP docs for db2_escape_string (http://nz.php.net/manual/en/function.db2-escape-string.php) would still need to be escaped with a backslash.
Rather than trying to replicate the functionality of the db2_escape_string function in a preg_replace call, I think you're best calling db2_escape_string and then fixing up the apostrophes that have been escaped with a backslash.
This seemed to work for me (though I'm at a loss to understand why I needed 5 backslashes instead of 3):