I have a textarea and the user can type in single quotes and double quotes, but before I insert this data in the database, I would like to replace the quotes with \\' and double quotes \\" I tried to do the following:
$_POST = str_replace("'", "\'", $_POST);
$_POST = str_replace(""", "\"", $_POST);
when I run this, I just get a blank screen no errors, am i doing this wrong?
You really shouldn't do it. You should use PDO and prepared statements
or at least mysqli and mysqli_real_escape_string
. Using addslashes
to insert data to database it's very bad idea.
EDIT
And you shouldn't use mysql
functions (I see you tried in your question comment) because they are deprecated already. Use mysqli
functions if you don't want to use PDO
$_POST
is an array and you can't use string replacement functions for that. You have to do it directly on the fields themself, for example at $_POST['name']
只需使用mysql_real_escape_string,并尝试对超级全局变量执行字符串操作...不是一个好主意(以防您不知道这些变量是数组)
为什么不使用:
mysqli_real_escape_string
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.