0

The book I'm learning PHP from says that in order to prevent people using things like quotes to alter the query, you should use the real_escape_string function. The author then goes on to say that on some older systems, where magic quotes is enabled, using real_escape_string could end up double escaping some characters, so he creates this function:

<?php
    function mysql_fix_string($conn, $string) {
        if (get_magic_quotes_gpc()) $string = stripslashes($string);
        return $conn->real_escape_string($string);
    }
?>

Would it be okay to turn this into a method in an extended class of the mysqli class? (There isn't any real reason why I wanted to, other than that I wanted to pass in as few arguments as possible.)

If so, is this the right way to do it?

class mysqli_extended extends mysqli {
    public function fix_string($string) {
        if(get_magic_quotes_gpc()) {
            $string = stripslashes($string);
        }
        return $this->real_escape_string($string);
    }
} 

And is this a situation where a static method makes more sense? If so, how could it be rewritten as a static method, and if not, then why?


Since I just asked like a million questions, I'll put a summary of them here:

  1. Is it okay to create a method for this purpose? (Are there any drawbacks to this?)
  2. Is the above code the correct way to do so?
  3. Should it be a static method?
  4. How would you make it a static method?

1 Answer

1

Magic quotes have been deprecated since PHP 5.3 and were removed in 5.4. I suggest learning PHP the right way.

Answered 2015-11-01T00:09:39.407
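
Bound parameters keep user input out of the SQL text, so quotes cannot alter the query and there is nothing to double-escape; mysqli offers this through prepare() and bind_param(). The following is an added example, not code from the book or from either post: it uses PDO with an in-memory SQLite database as a stand-in so it runs without a MySQL server, and the function and table names are hypothetical.

```php
<?php
// Added example. Assumptions: the pdo_sqlite driver is available; the
// users table, undo_magic_quotes() and find_user() are hypothetical names.

// Strip magic-quotes slashes only on runtimes that can still add them.
// get_magic_quotes_gpc() was removed in PHP 8.0, hence the guard.
function undo_magic_quotes(string $value): string
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// The value is sent as a bound parameter, never concatenated into the SQL.
function find_user(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = ?');
    $stmt->execute([undo_magic_quotes($name)]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed sample values containing quotes and a backslash.
$names = ["O'Brien", 'back\\slash "quoted"', 'alice'];
$insert = $db->prepare('INSERT INTO users (name) VALUES (?)');
foreach ($names as $name) {
    $insert->execute([undo_magic_quotes($name)]);
}

// Each value is stored and matched byte for byte, with no added slashes.
foreach ($names as $name) {
    $rows = find_user($db, $name);
    $stored = $rows[0]['name'] ?? '(not found)';
    printf("%-22s stored as %-22s unchanged: %s\n",
        $name, $stored, $stored === $name ? 'yes' : 'no');
}
```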