Question

我从包含需要删除的转义斜杠的PHP文件返回数据。

我创建了一个多维数组的返回对象。我用json_encode($data, JSON_UNESCAPED_SLASHES)返回它，但是斜杠没有被删除。

我还尝试了不同的方法，这些方法涉及使用stripslashes()循环遍历数组中的每个字符串，甚至不起作用。

我可以毫不费力地以正确的JSON结构返回所需的数据，但我似乎无法摆脱这些斜线！

$data = array('bodyCopy' => array(), 'projects' => array());

$sql = "SELECT * FROM " . $table;
$result = mysqli_query($conn, $sql) or die("Error in Selecting " . mysqli_error($conn));
while($row = mysqli_fetch_assoc($result)) {
    $data['bodyCopy'] = $row;
}

$sql = "SELECT * FROM experienceSectionProjects";
$result = mysqli_query($conn, $sql) or die("Error in Selecting " . mysqli_error($conn));
while($row = mysqli_fetch_assoc($result)) {
    array_push($data['projects'], $row);
}

echo json_encode($data, JSON_UNESCAPED_SLASHES);

我的回归对象就像这样：

修改以下是一些包含斜杠的实际数据：

    {
    "bodyCopy":{
    "title":"Experience's",
    "headerIcon":"briefcase",
    "introCopy":"Don't",
    "gridHeader":"header"
    },
    "projects":[
    {
     "id":"1",
     "company":"Medical Mutual",
     "position":"UI Developer",
     "logo":"medmutual.png",
     "backgroundImg":"medMutual.jpg",
     "projectSummary":"Online enrollment application for health insurance marketplace",
     "description":"I work as the dedicated front end developer on the online enrollment application for the Medical Mutual Individual Insurance Marketplace and Medicare Advantage Marketplace. As front end developer my main responsibility is generating HTML/CSS/JS for the users interface. I collaborate with server side developers in an C#.NET MVC environment to create dynamic content and integrate the code from the UI into Sitecore. Aside from the Online Enrollment applications, I am involved with developing other public facing websites for the company including an internal recruitment website."
    },
    {
     "id":"2",
     "company":"Macy\'s",
     "position":"UI/AngularJS Developer",
     "logo":"macys.png",
     "backgroundImg":"macys.jpg",
     "projectSummary":"CRM software for in store sales associates",
     "description":""
    }
 ]
}

修改

这可能会提供更多信息。这就是我将值写入数据库的方式：

    $projects = $p['projects'];
    if(is_array($projects)) {
        foreach ($projects as $project) {

            $id = $project['id'];
            $company = mysqli_real_escape_string($conn, $project['company']);
            $position = mysqli_real_escape_string($conn, $project['position']);
            $logo = mysqli_real_escape_string($conn, $project['logo']);
            $backgroundImg = mysqli_real_escape_string($conn, $project['backgroundImg']);
            $projectSummary = mysqli_real_escape_string($conn, $project['projectSummary']);
            $description = mysqli_real_escape_string($conn, $project['description']);

            $Query = $conn->prepare("INSERT INTO experienceSectionProjects (id, company, position, logo, backgroundImg, projectSummary, description)
            VALUES (?, ?, ?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE company = VALUES(company), position = VALUES(position), logo = VALUES(logo), backgroundImg = VALUES(backgroundImg), projectSummary = VALUES(projectSummary), description = VALUES(description)");
            $Query->bind_param('issssss', $id, $company, $position, $logo, $backgroundImg, $projectSummary, $description);
            $Query->execute();
            $Query->close();
        }
    }

Answer 1

mysqli_real_escape_string会在字符串中添加斜杠，以便在将其放入SQL查询时，不会将特殊字符视为特殊字符。

bind_param将变量传递给预准备语句，而不将它们直接放在SQL语句中。

做一个或另一个（提示：bind_param更健全）不是两者。

Answer 2

将包含mysqli_real_escape_string()的所有行替换为此...

$company = $project['company'];
$position = $project['position'];
$logo = $project['logo'];
$backgroundImg = $project['backgroundImg'];
$projectSummary = $project['projectSummary'];
$description = $project['description'];

mysqli_real_escape_string()在必要时添加斜杠，以便原始查询不会丢失。您已经在准备原始查询后使用准备好的语句来绑定变量，因此这不是必需的。

PHP不删除转义斜杠

2 个答案: