开发者

PHP SQL Server addslashes() how does this work for blank values?

开发者 https://www.devze.com 2022-12-22 05:26 出处:网络
I\'m running into the problem of users being able to submit data with \' \" and blank values. I t开发者_运维知识库hink addslashes() will work but just wanted to know what it does for blank values?

I'm running into the problem of users being able to submit data with ' " and blank values. I t开发者_运维知识库hink addslashes() will work but just wanted to know what it does for blank values?

Example:

User enters data like: Company Name: ABC's 
User can skip fields as well: Company URL: 

I want to know what addslashes() will add if they leave the field blank. I guess my question is how does addslashes() treat blanks? As NULL?


Well, if the blank really is a blank (= a completely empty value), it will be null in PHP I assume. The manual says that a ´null´ value will be escaped with a backslash:

Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash () and NUL (the NULL byte).

but when I test it using

 print_r(addslashes(null));

I get a completely empty result (=null, no backslash).


The answer provided is accurate. The one thing to consider is if you are looking specifically for the null value. While addslashes() will not affect the null value field, it will not change a 'blank' to a null value. You may have already considered this, but it may be useful to trim() the values beforehand.

$new_value = addslashes(trim($value));

This will remove any blanks or spaces from the "empty" field so that it will in fact return a null value.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号