如何防止SQL使用单引号字符存储转义字符
[英]How to prevent SQL to store escape character with single quote character
问题描述
I need to store text strings that will have single quote at beginning and end. 
我需要存储在开头和结尾都带有单引号的文本字符串。 I'm issuing JavaScript command from PHP. 我正在从PHP发布JavaScript命令。 I'm adding the quotes to the string like this: 我将引号添加到这样的字符串中:
echo '<script type="text/javascript">';
echo 'function GetCodes() {';
echo 'var vlist = document.getElementById("vListOfCodes");';
echo 'var vcodes = "";';
echo 'var i;';
echo 'for (i = 0; i < vlist.length; i++) {';
echo 'if (i == 0) {';
echo 'vcodes = vcodes + "\'" + vlist.options[i].value + "\'";';
echo '}';
echo 'else {';
echo 'vcodes = vcodes + ",\'" + vlist.options[i].value + "\'";';
echo '}';
echo '}';
echo 'document.getElementById("vStringOfCodes").value = vcodes;';
echo '}';
echo '</script>';
When the form is posted and the $_POST['vStringOfCodes'] data saved to SQL SERVER table the backslash character is added along with the single quote, meaning instead of a value in the field of 发布表单并将$ _POST ['vStringOfCodes']数据保存到SQL SERVER表时,将反斜杠字符与单引号一起添加,这意味着将代替
'mystring',´mystring2',...
i have 我有
\\'mystring\\',\\'mystring2\\',...
How can i prevent those backslashes from being added there? 如何防止在其中添加反斜杠?
1 个解决方案
解决方案1
1 已采纳 2018-03-15 12:06:07
You can use php native function stripslashes . 您可以使用php原生函数stripslashes 。
$str = "\'mytext\'";
echo stripslashes($str);
//outputs 'mytext'
//in your case
echo stripslashes($_POST['HiddenInput'])
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.