Wordpress: How to unescape the results when using

2019-06-16 07:21发布

To add a new rows to the database I use $wpdb->insert, and to get the rows I use $wpdb->get_results.

The problem is that $wpdb->insert seems to be escaping the input. For example, a"b is saved as a\"b in the database. But, $wpdb->get_results doesn't seem to unescape back a\"b to a"b.

Is this the correct behavior by design?

Should I unescape the result of $wpdb->get_results manually? (What is the proper function for this?)

2条回答
相关推荐>>
2楼-- · 2019-06-16 07:49

http://codex.wordpress.org/Function_Reference/stripslashes_deep

//replace $_POST with $POST
    $POST      = array_map( 'stripslashes_deep', $_POST);
    $wpdb->insert( 
            'wp_mytable', 
            array( 
                'field_name'        => $POST['field_name'], 
                'type'              => $POST['type'],
                'values'            => serialize($POST['values']),
                'unanswered_link'   => $POST['unanswered_link'], 
            ), 
            array( 
                '%s','%s','%s','%s'
            ) 
        );
查看更多
不美不萌又怎样
3楼-- · 2019-06-16 07:55

$wpdb->insert() and $wpdb->prepare() will escape data to prevent SQL injection attacks. The $wpdb->get_results() function is designed to work generically with SQL SELECT statements, so I believe the fact that the slashes are left in place is intentional. This allows the consumer of the data to process it as necessary.

Since the $wpdb->get_results() funciton returns an array of stdClass objects, in order to remove the slashes in all columns in every row, you must iterate through the rows, and through the properties of each row object running the PHP stripslashes() function on it.

foreach( $quotes as &$quote ) {
    foreach( $quote as &$field ) {
        if ( is_string( $field ) )
            $field = stripslashes( $field );
    }
}

More information on the wpdb->get_results() function: http://codex.wordpress.org/Class_Reference/wpdb#SELECT_Generic_Results

查看更多
登录 后发表回答