PHP str_replace quotes and double quotes
Question
I have a textarea and the user can type in single quotes and double quotes, but before I insert this data in the database, I would like to replace the quotes with \\' and double quotes \\" I tried to do the following:
$_POST = str_replace("'", "\'", $_POST);
$_POST = str_replace(""", "\"", $_POST);
when I run this, I just get a blank screen no errors, am i doing this wrong?
4 answers
solution1
2 ACCPTED 2014-07-22 20:42:32
You really shouldn't do it. You should use PDO and prepared statements or at least mysqli and mysqli_real_escape_string . Using addslashes to insert data to database it's very bad idea.
EDIT
And you shouldn't use mysql functions (I see you tried in your question comment) because they are deprecated already. Use mysqli functions if you don't want to use PDO
solution2
0 2014-07-22 20:42:43
$_POST is an array and you can't use string replacement functions for that. You have to do it directly on the fields themself, for example at $_POST['name']
solution3
0 2014-07-22 20:43:17
只需使用mysql_real_escape_string,并尝试对超级全局变量执行字符串操作...不是一个好主意(以防您不知道这些变量是数组)
solution4
0 2014-07-22 20:50:27
为什么不使用:
mysqli_real_escape_string
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.