问题描述

我必须在表单上转义一些输入.我使用mysql_real_escape_string来转义该值，但它在数据库中的值上添加了很多斜杠，原因是我在输入中加了撇号，让我们说一下exp's.

I have to escape some inputs on a form. I used mysql_real_escape_string to escape the value but it adds a lot slashes with value inside database, the reason is i have an apostrophe in my input let us say exp's.

现在要摆脱斜杠，我在mysql_real_escape_string之后使用反斜杠，然后数据成功进入数据库，并且看不到数据库中有任何撇号.

Now to get rid of slashes, I use stripslashes after mysql_real_escape_string and then data goes to database successfully and don't see any apostrophe with value in database.

$name = mysql_real_escape_string(trim($_POST['userame']));
$name = stripslashes(stripslashes($userame));

//然后将数据成功地发送到db而不带撇号

// then data goes to db successfully without apostrophe

我只是想确认一下，这是转义输入值的正确方法吗?谢谢

I just wanted to confirm, is this correct way of escaping the input value? Thanks

达扬

推荐答案

1. 禁用魔术引号
2. mysql_real_escape_string(stripslashes($_POST['username']));

1. Disabling Magic Quotes
2. mysql_real_escape_string(stripslashes($_POST['username']));

这篇关于在mysql_real_escape_string之后使用反斜杠的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！