开发者

base64_encode apostrophe

开发者 https://www.devze.com 2023-02-13 18:47 出处:网络
Everytime I base64_encode(); new data in my database and it contains apostrophes (\'), my text c开发者_C百科omes out like this when I base64_decode it:

Everytime I base64_encode(); new data in my database and it contains apostrophes ('), my text c开发者_C百科omes out like this when I base64_decode it:

Original: Hi! Where's everyone?

After Encryption: Hi! Where/'s everyone?

How do I stop this with PHP?


Just get rid of base64 encoding and you'll be fine.
Do not encode before insert.
Do not decode when retrieve.

That's all.

Look, your case is all clear.

  • First, you are escaping your data, by adding backslashes to the several characters.
    That's enough for the strings, enclosed in the query in quotes. No more encoding needed ever!
    These backslashes should go off then data got inserted, so, you get your data untouched in the database.

  • Next, you're encoding your strings, sealing slashes within!
    Then, after decoding, you have a backslash in your data.

So, you have just to get rid of base64, and everything will be okay at once!


I think this has to do with magic_quotes being on.

Am I correct to suppose that you base64_encode data coming from a form and saving it to the database?

If so, define and use this function to process anything that comes from $_GET, $_POST or $_COOKIE:

function escape_gpc($var) {
    return get_magic_quotes_gpc() ? stripslashes($var) : $var;
}

if (isset($_POST['form_sent'])) {
    $somedata = escape_gpc($_POST['somedata']);
    // and then you base64_encode it and insert into the database.
}


You can use stripslashes() on the decoded output, but make sure that it was properly escaped before being inserted into the database to begin with. Are you encoding and decoding it both with PHP?


If you're not using some escaping function (I suppose mysql_real_escape_string, but just out of statistics, you didn't mention if you're using a DB over the other or prepared statements), chances are you have magic_quotes_gpc directive on in php.ini, so escaping backslashes are added automatically before inserting datas into DB. So, when retrieving records, you'll have the backslash. Encoding/decoding is just what it's supposed to be: encoding and decoding a string.

use $decoded = stripslashes(base_64decode($your_datas_from_db));

0

精彩评论

暂无评论...
验证码 换一张
取 消