堆栈内存溢出
  简体   繁体   English

为启用了魔术引号的系统创建real_escape_string()方法

[英]Creating a real_escape_string() method for systems with magic quotes enabled

 原文  2015-11-01 00:02:29       php/ mysql/ oop/ mysqli/ magic-quotes-gpc

问题描述

The book I'm learning PHP from says that in order to prevent people using things like quotes to alter the query, you should use the real_escape_string function. 我正在学习PHP的书中说,为了防止人们使用引号等内容来更改查询,您应该使用real_escape_string函数。 The author then goes on to say that on some older systems, where magic quotes is enabled, using real_escape_string could end up double escaping some characters, so he creates this function: 然后作者继续说,在某些启用了魔术引号的较旧的系统上,使用real_escape_string可能会导致两次转义某些字符,因此他创建了以下功能: 

<?php
    function mysql_fix_string($conn, $string) {
        if (get_magic_quotes_gpc()) $string = stripslashes($string);
        return $conn->real_escape_string($string);
    }
?>

Would it be okay to turn this into a method in an extended class of the mysqli class? 将其转换为mysqli类的扩展类中的方法是否可以? (There isn't any real reason why I wanted to, other than that I wanted to pass in as few arguments as possible.) (除了要传递尽可能少的参数之外,没有其他任何真正的原因。)

If so, is this the right way to do it? 如果是这样,这是正确的方法吗? 

class mysqli_extended extends mysqli {
    public function fix_string($string) {
        if(get_magic_quotes_gpc()) {
            $string = stripslashes($string);
        }
        return $this->real_escape_string($string);
    }
}

And is this a situation where a static method makes more sense? 在这种情况下,使用静态方法更有意义吗? If so, how could it be rewritten as a static method, and if not, then why? 如果是这样,如何将其重写为静态方法?如果不是,那么为什么呢?

Since I just asked like a million questions, I'll put a summary of them here: 由于我只是问了一百万个问题,因此我将在此处进行总结:

  1. Is it okay to create a method for this purpose. 为此可以创建一种方法吗? (Are there any drawbacks to this?) (这有什么缺点吗?)
  2. Is the above code the correct way to do so? 上面的代码是正确的方法吗?
  3. Should it be a static method? 应该是静态方法吗?
  4. How would you make it a static method? 您将如何使其成为静态方法?

1 个解决方案

解决方案1
 1 已采纳  2015-11-01 00:09:39

Magic quotes has been deprecated as of php 5.3 and is removed in 5.4. 自PHP 5.3起,魔术引号已弃用,并在5.4中删除。 I recommend learn php the right way 我建议以正确的方式学习php

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Mysql Php使用real_escape_string转义单引号 - Mysql Php Escaping single quotes with real_escape_string “ real_escape_string”问题 - problem with “real_escape_string” 调用未定义的方法PDO :: real_escape_string() - Call to undefined method PDO::real_escape_string() 找不到方法“ real_escape_string”,如何解决? - Method 'real_escape_string' not found, how to fix? 对应的mysqli :: real_escape_string? - The counterpart of mysqli::real_escape_string? 混淆htmlspecialchars,real_escape_string等 - Confused on htmlspecialchars, real_escape_string, etc php的mysqli-&gt; real_escape_string()将引号转换为htmlchars - php's mysqli->real_escape_string() converting quotes to htmlchars 带有real_escape_string的MySQLi不能与方括号一起使用 - MySQLi with real_escape_string not working with brackets mysqli-&gt;real_escape_string - mysqli->real_escape_string real_escape_string不适用于php oop - real_escape_string is not working for php oop
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM