stackoom
  简体   繁体   中英

do I need to escape_string for a json_encoded object?

 原文  2012-01-07 16:20:26       php/ mysql/ json

Question

I have a json object I want to store in my db: 

$string='{"test": [{"name":"dave","user":"dan"}]}';
  $encoded=json_encode($string);

  $connection=Database::getInstance();
  $escaped=mysqli_real_escape_string($connection->connection,$encoded);
  $q="UPDATE table SET column=?";

  $s=mysqli_prepare($conn->connection,$query);
  mysqli_stmt_bind_param($s,'s',$escaped);
  mysqli_stmt_execute($s);

When I json_encode and mysqli_real_escape_string, it appears as the following in my db: 

  \"{\\\"test\\\": [{\\\"name\\\":\\\"dave\\\",\\\"user\\\":\\\"dan\\\"}]}\"

Obviously, I don't want to invite hackers but it seems like a crazy amount of slashes...do I need to do BOTH json_encode or mysqli_real_escape_string or can I just use json_encode?

1 answers

solution1
 3 ACCPTED  2012-01-07 16:22:19

You are already using a parametrized query - mysqli_real_escape_string() is not necessary in that case any more. (In fact, it is wrong because it breaks the data.)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question To Edit Json_encoded string Passing json_encoded string with single quote gettype returning string when i pass Json_decode value of json_encoded array and stored in database Call to a member function escape_string() on a non-object PHP json_decode a json_encoded string How do you append to a PDO resultset array or Json_encoded string? PHP json_encoded message match with java json object Remove double-quotes from a json_encoded string on the keys Remove Quotes from json_encoded string value Why does this json_encoded string NOT return the fourth element?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM