PHP/String/String Escape
addslashes(): escapes single quotes, double quotes, backslashes, and NUL bytes with backslashes
<source lang="html4strict">
<?php
// addslashes() puts a backslash before each ', ", \ and NUL byte.
$escapedstring = addslashes("He said, 'I'm a dog.'");
$query = "INSERT INTO test (quote) values ('$escapedstring')";
echo($query);
?>
</source>
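The snippet above builds an INSERT by concatenating an addslashes() result into the SQL text. The following added example (not from the original page) runs that same pattern beside a prepared statement. It assumes the pdo_sqlite extension is available; the in-memory database and its columns are constructed for the demonstration.

```php
<?php
// Added example: addslashes() concatenation vs. a PDO prepared statement.
// Assumption: pdo_sqlite is installed; the table mirrors the page's "test (quote)".
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE test (id INTEGER PRIMARY KEY, quote TEXT)');

$input = "He said, 'I'm a dog.'";   // constructed sample input

// 1) Concatenation with addslashes(), as in the snippet above.
//    SQLite, like standard SQL, escapes a quote by doubling it ('') and does
//    not treat backslash as an escape, so \' still ends the string literal
//    and the statement no longer parses as intended.
$concatenated = "INSERT INTO test (quote) VALUES ('" . addslashes($input) . "')";
try {
    $pdo->exec($concatenated);
    echo "concatenated query ran\n";
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}

// 2) Prepared statement: the value is bound as data and is never parsed as
//    SQL, so no escaping function is needed at all.
$stmt = $pdo->prepare('INSERT INTO test (quote) VALUES (:quote)');
$stmt->execute([':quote' => $input]);

// The stored value is compared with the original input.
$stored = $pdo->query('SELECT quote FROM test')->fetchColumn();
var_dump($stored === $input);
?>
```

addslashes() knows nothing about the target database's quoting rules or connection character set, which is why bound parameters are the reliable way to pass values into a query.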
quotemeta(): escapes \ + * ? [ ^ ] ( $ )
<source lang="html4strict">
<?php
// quotemeta() puts a backslash before each regular-expression metacharacter.
$literal_string = "AAA ($, *) are very special to me\n";
$qm_string = quotemeta($literal_string);
echo $qm_string;
?>
</source>
String SQL command escape
<source lang="html4strict">
<?php
// PHP consumes \" while parsing the literal, so stripslashes() has nothing left to remove here.
$query = "SELECT quote FROM test WHERE \"ID\"=1";
$quote = stripslashes($query);
echo $quote;
?>
</source>
To embed a single quote in a singly quoted string, escape it with a backslash
<source lang="html4strict">
<?php $singly_quoted = 'This quote mark\'s no big deal either'; echo($singly_quoted); ?>
</source>