问题描述
这个问题在不同的地方提出过几次,但是我没有找到明确明确的答案.大多数解决方案都涉及人们说要禁用php.ini文件上的魔术引号"(我这样做了)或修改核心WP文件.
This question has been posed a few times in various places, but I haven't found a definative and clear answer. Most solutions involve people saying to disable Magic Quotes on the php.ini file (which I did) or modifying core WP files.
无论如何,问题是这样的:为什么每次我使用$ wpdb-> insert或$ wpdb-> update时,为什么在任何单引号之前都添加一个斜杠.例如:
Anyways, the question is this: why is it everytime I use $wpdb->insert or $wpdb->update a slash gets added before any single quote. So for instance:
这是我使用的示例代码:
Here's a sample code I used:
$id = $_POST['id'];
$title = $_POST['title'];
$message = $_POST['message'];
$wpdb->update('table_name', array('id'=>$id, 'title'=>$title, 'message'=>$message), array('id'=>$id))
相同的问题在这里: Wordpress数据库输出-删除SQL注入转义,但是除了禁用魔术引号"之外,它从未得到解决
The same problem was here: Wordpress Database Output - Remove SQL Injection Escapes but it was never solved aside from "disable magic quotes"
推荐答案
在此上度过一天之后,答案如下:
After spending the day on this, the answer is as follows:
Wordpress在$ _POST声明处转义,而不是在实际插入处转义,这很奇怪.
Wordpress escapes at the $_POST declaration, not at the actual insert, which is bizarre.
$id = stripslashes_deep($_POST['id']); //added stripslashes_deep which removes WP escaping.
$title = stripslashes_deep($_POST['title']);
$message = stripslashes_deep($_POST['message']);
$wpdb->update('table_name', array('id'=>$id, 'title'=>$title, 'message'=>$message), array('id'=>$id));
这样做将意味着WP不会在任何引号之前添加斜杠.
Doing this will mean that WP will not add slashes before any quotes.
这篇关于$ wpdb-> update或$ wpdb-> insert结果会在引号前添加斜杠的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!