stripos
Hi,
Here are recursive addslashes / stripslashes functions.
given a string - it will simply add / strip slashes
given an array - it will recursively add / strip slashes from the array and all of it subarrays.
if the value is not a string or array - it will remain unmodified!
<?php
function add_slashes_recursive( $variable )
{
if ( is_string( $variable ) )
return addslashes( $variable ) ;
elseif ( is_array( $variable ) )
foreach( $variable as $i => $value )
$variable[ $i ] = add_slashes_recursive( $value ) ;
return $variable ;
}
function strip_slashes_recursive( $variable )
{
if ( is_string( $variable ) )
return stripslashes( $variable ) ;
if ( is_array( $variable ) )
foreach( $variable as $i => $value )
$variable[ $i ] = strip_slashes_recursive( $value ) ;
return $variable ;
}
?>
说明
string stripslashes
( string $str
)
Un-quotes a quoted string.
Note: If magic_quotes_sybase is on, no backslashes are stripped off but two apostrophes are replaced by one instead.
An example use of stripslashes() is when the PHP directive magic_quotes_gpc is on (it's on by default), and you aren't inserting this data into a place (such as a database) that requires escaping. For example, if you're simply outputting data straight from an HTML form.
参数
- str
-
The input string.
返回值
Returns a string with backslashes stripped off. (\' becomes ' and so on.) Double backslashes (\\) are made into a single backslash (\).
范例
Example#1 A stripslashes() example
<?php
$str = "Is your name O\'reilly?";
// Outputs: Is your name O'reilly?
echo stripslashes($str);
?>
Note: stripslashes() is not recursive. If you want to apply this function to a multi-dimensional array, you need to use a recursive function.
Example#2 Using stripslashes() on an array
<?php
function stripslashes_deep($value)
{
$value = is_array($value) ?
array_map('stripslashes_deep', $value) :
stripslashes($value);
return $value;
}
// Example
$array = array("f\\'oo", "b\\'ar", array("fo\\'o", "b\\'ar"));
$array = stripslashes_deep($array);
// Output
print_r($array);
?>
上例将输出:
Array ( [0] => f'oo [1] => b'ar [2] => Array ( [0] => fo'o [1] => b'ar ) )
add a note
User Contributed Notesstripslashes
shredder at technodrome dot com
09-May-2009 10:50
09-May-2009 10:50
dragon[dot]dionysius[at]gmail[dot]com
24-Mar-2009 04:07
24-Mar-2009 04:07
I use this function in my class to stripslashes arrays including NULL-check:
<?php
private function stripslashes_deep($value) {
if(is_array($value)) {
foreach($value as $k => $v) {
$return[$k] = $this->stripslashes_deep($v);
}
} elseif(isset($value)) {
$return = stripslashes($value);
}
return $return;
}
?>
Tom Worster
23-Mar-2009 03:26
23-Mar-2009 03:26
A replacement that should be safe on utf-8 strings.
<?php
preg_replace(array('/\x5C(?!\x5C)/u', '/\x5C\x5C/u'), array('','\\'), $s);
?>
o-zone at zerozone dot it
19-Mar-2009 11:53
19-Mar-2009 11:53
If you need to remove all slashes from a string, here's a quick hack:
<?php
function stripallslashes($string) {
while(strchr($string,'\\')) {
$string = stripslashes($string);
}
}
?>
Hope it's usefull , O-Zone
techdesk100
28-Apr-2008 02:58
28-Apr-2008 02:58
Function which checks if $input has correct slashes,
otherwise adds slashes. For cases when you are not sure the input is not already addslashed.
public function addslashes_once($input){
//These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).
$pattern = array("\\'", "\\\"", "\\\\", "\\0");
$replace = array("", "", "", "");
if(preg_match("/[\\\\'\"\\0]/", str_replace($pattern, $replace, $input))){
return addslashes($input);
}
else{
return $input;
}
}
Aditya P Bhatt (adityabhai at gmail dot com)
28-Mar-2008 06:03
28-Mar-2008 06:03
Here is simple example code which you can use as a common function in your functions file:
<?php
function stripslashes_if_gpc_magic_quotes( $string ) {
if(get_magic_quotes_gpc()) {
return stripslashes($string);
} else {
return $string;
}
}
?>
Evgeny
26-Feb-2008 03:52
26-Feb-2008 03:52
extended version of stripslashes_deep. This allow to strip one also in the array_keys
function stripslashes_deep($value) {
if (is_array($value)) {
if (count($value)>0) {
$return = array_combine(array_map('stripslashes_deep', array_keys($value)),array_map('stripslashes_deep', array_values($value)));
} else {
$return = array_map('stripslashes_deep', $value);
}
return $return;
} else {
$return = stripslashes($value);
return $return ;
}
}
tokyoahead
11-Jan-2008 05:39
11-Jan-2008 05:39
I am using this here to clear data in a CMS against SQL injections and other mayhem. The flow is:
1. input into form
2. get from $_GET/$_POST
3. cleanup($data, true)
4. save to SQL
5. load from SQL
6. cleanup($data, false)
7. show in form for new edit or on the website
<?php
function cleanup($data, $write=false) {
if (is_array($data)) {
foreach ($data as $key => $value) {
$data[$key] = cleanup_lvl2($value, $write);
}
} else {
$data = cleanup_lvl2($data, $write);
}
return $data;
}
function cleanup_lvl2($data, $write=false) {
if (isset($data)) { // preserve NULL
if (get_magic_quotes_gpc()) {
$data = stripslashes($data);
}
if ($write) {
$data = mysql_real_escape_string($data);
}
}
return $data;
}
?>
alex dot launi at gmail dot com
21-Dec-2007 03:16
21-Dec-2007 03:16
kibby: I modified the stripslashes_deep() function so that I could use it on NULL values.
function stripslashes_deep($value)
{
if(isset($value)) {
$value = is_array($value) ?
array_map('stripslashes_deep', $value) :
stripslashes($value);
}
return $value;
}
lukas.skowronski at gmail dot com
20-Jun-2007 11:15
20-Jun-2007 11:15
If You want to delete all slashes from any table try to use my function:
function no_slashes($array)
{
foreach($array as $key=>$value)
{
if(is_array($value))
{
$value=no_slashes($value);
$array_temp[$key]=$value;
}
else
{
$array_temp[$key]=stripslashes($value);
}
}
return $array_temp;
}
dragonfly at networkinsight dot net
11-Mar-2007 11:22
11-Mar-2007 11:22
If you are having trouble with stripslashes() corrupting binary data, try using urlencode() and urldecode() instead.
JAB Creations
06-Mar-2007 04:49
06-Mar-2007 04:49
When writing to a flatfile such as an HTML page you'll notice slashes being inserted. When you write to that page it's interesting how to apply stripslashes...
I replaced this line...
<?php fwrite($file, $_POST['textarea']); ?>
With...
<?php if (get_magic_quotes_gpc()) {fwrite ($file, stripslashes($_POST['textarea']));}?>
You have to directly apply stripslashes to $_POST, $_GET, $_REQUEST, and $_COOKIE.
gregory at nutt dot ca
22-Feb-2007 02:48
22-Feb-2007 02:48
Here is code I use to clean the results from a MySQL query using the stripslashes function.
I do it by passing the sql result and the sql columns to the function strip_slashes_mysql_results. This way, my data is already clean by the time I want to use it.
function db_query($querystring, $array, $columns)
{
if (!$this->connect_to_mysql())
return 0;
$queryresult = mysql_query($querystring, $this->link)
or die("Invalid query: " . mysql_error());
if(mysql_num_rows($queryresult))
{
$columns = mysql_field_names ($queryresult);
if($array)
{
while($row = mysql_fetch_row($queryresult))
$row_meta[] = $this->strip_slashes_mysql_results($row, $columns);
return $row_meta;
}
else
{
while($row = mysql_fetch_object($queryresult))
$row_meta[] = $this->strip_slashes_mysql_results($row, $columns);
return $row_meta;
}
}
else
return 0;
}
function strip_slashes_mysql_results($result, $columns)
{
foreach($columns as $column)
{
if($this->debug)
printp(sprintf("strip_slashes_mysql_results: %s",strip_slashes_mysql_results));
$result->$column = stripslashes($result->$column);
}
return $result;
}
Allen
07-Feb-2007 07:41
07-Feb-2007 07:41
In response to Tim's solution, it is only good for one-dimensional array. If the variables happened to be multi-dimensional arrays, we still have to use function like 'stripslashes_deep'.
stoic
02-Jan-2007 04:31
02-Jan-2007 04:31
in response to crab dot crab at gmail dot com:
$value need not be passed by reference. The 'stripped' value is returned. The passed value is not altered.
Kibby
14-May-2006 08:41
14-May-2006 08:41
Okay, if using stripslashes_deep, it will definitely replace any NULL to "". This will affect to coding that depends isset(). Please provide a workaround based on recent note.
hauser dot j at gmail dot com
21-Feb-2006 10:13
21-Feb-2006 10:13
Don't use stripslashes if you depend on the values NULL.
Apparently stripslashes converts NULL to string(0) ""
<?php
$a = null;
var_dump($a);
$b = stripslashes($a);
var_dump($b);
?>
Will output
NULL
string(0) ""
alf at mitose dot net
26-Oct-2005 12:09
26-Oct-2005 12:09
Take care using stripslashes() if the text you want to insert in the database contain \n characters ! You'll see "n" instead of (not seeing) "\n".
It should be no problem for XML, but is still boring ...
r_loebs at hotmail dot com
25-Jun-2005 02:03
25-Jun-2005 02:03
Of course why not just do an
if($r){ stuff; } <-- this will check it all, NULL, 0, ""
10-Feb-2005 03:45
If you want to deal with slashes in double-byte encodings, such as shift_jis or big5, you may use this:
<?
function stripslashes2($string) {
$string = str_replace("\\\"", "\"", $string);
$string = str_replace("\\'", "'", $string);
$string = str_replace("\\\\", "\\", $string);
return $string;
}
?>
mattyblah at gmail dot com
10-Sep-2004 03:51
10-Sep-2004 03:51
It should be of note that if you are stripping slashes to get rid of the slashes added by magic_quotes_gpc then it will also remove slashes from \. This may not seem that bad but if you have someone enter text such as 'testing\' with a slash at the end, this will cause an error if not corrected. It's best to strip the slashes, then add a slash to every single slash using $text = str_replace('\\', '\\\\', $text);
hash at samurai dot fm
01-Dec-2003 05:34
01-Dec-2003 05:34
Might I warn readers that they should be vary careful with the use of stripslashes on Japanese text. The shift_jis character set includes a number of two-byte code charcters that contain the hex-value 0x5c (backslash) which will get stripped by this function thus garbling those characters.
What a nightmare!