取消换行符和换行符是否安全?
使用 mysql_real_escape_string 清理输入然后取消换行符是否安全? 例如:
$to_database = mysql_real_escape_string($_POST['some_input']);
$to_database = str_replace('\n', "\n", $to_database);
$to_database = str_replace('\r', "\r", $to_database);
我需要这个,因为它们破坏了我存储在数据库中的降价。
Is it safe to sanitize the input with mysql_real_escape_string and then unescape line-breaks?
For example:
$to_database = mysql_real_escape_string($_POST['some_input']);
$to_database = str_replace('\n', "\n", $to_database);
$to_database = str_replace('\r', "\r", $to_database);
I need this, because they spoil my markdown which is stored in database.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
要取消转义“\n”或“\r”等特殊字符,您需要在从数据库中提取数据后使用 stripcslashes (而不是 stripslashes)
To unescape special characters like '\n' or '\r' you need use stripcslashes (not stripslashes) after pulling from database
在 mysql_real_escape_string 之后取消转义任何内容都是没有意义的。如果数据没有正确读回,很可能魔法引号被打开。在这种情况下,你必须在转义之前去掉斜杠。 (但仅当魔术引号打开时才执行此操作 - 您可以在运行时检查此项)
There is no point in unescaping anything after the mysql_real_escape_string. If the data is not read correcly back, most likely magic quotes is turned on. In that case, you have to stripslashes before the escaping. (But do this only if magic quotes is turned on - you can check this at runtime)