Fixing Double Backslash Escaping and Database-Class Escaping When ThinkPHP Writes to the Database

  • 2021-07-26 06:59:59
  • OfStack

This article describes a fix for values being backslash-escaped twice when ThinkPHP writes them to the database, together with a change to the escape function of the database class. It is shared for your reference. The specific methods are as follows:

This happens when magic_quotes_gpc is turned on. The reason is that ThinkPHP does not check whether magic_quotes_gpc is on when it writes to the database, and always applies its own escaping.
The solution is to add the following code to the entry file:

// When magic_quotes_gpc is off, add slashes to all request data recursively
if (!get_magic_quotes_gpc()) {
    function addslashes_deep($value) {
        $value = is_array($value) ?
            array_map('addslashes_deep', $value) :
            addslashes($value);
        return $value;
    }
    $_POST = array_map('addslashes_deep', $_POST);
    $_GET = array_map('addslashes_deep', $_GET);
    $_COOKIE = array_map('addslashes_deep', $_COOKIE);
    $_REQUEST = array_map('addslashes_deep', $_REQUEST);
}

The escape function in DbMysql.class.php has been modified as follows:

public function escape_string($str) {
    // Request data was already escaped by magic_quotes_gpc: return it unchanged
    if (get_magic_quotes_gpc()) {
        return $str;
    }
    if ($this->_linkID) {
        return mysql_real_escape_string($str, $this->_linkID);
    } else {
        return mysql_escape_string($str);
    }
}

In fact, this method is not desirable! If magic_quotes_gpc is on and $str does not come from POST or GET (for example, it was read from a text file or from the database), it still has no backslashes.
So I don't care whether $str has already been escaped. I always remove the escaping first and then add it again. In this way, double escaping is avoided, and missing escaping is avoided as well.
Here are my modifications:

public function escape_string($str) {
    // Remove any existing escaping first, then escape exactly once
    $str = stripslashes($str);
    if ($this->_linkID) {
        return mysql_real_escape_string($str, $this->_linkID);
    } else {
        return mysql_escape_string($str);
    }
}
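The three escape_string() behaviours discussed above, compared side by side in an added example that is not from the original article or from ThinkPHP. It assumes current PHP, where magic_quotes_gpc and the mysql_* functions no longer exist, so both are simulated with addslashes(); decode_literal() is a simplified, hypothetical model of how MySQL reads a quoted string, and the sample values are constructed.

```php
<?php
// Added example, not ThinkPHP code. magic_quotes_gpc and mysql_* are simulated
// with addslashes(), which treats ' and \ the same way for these samples.
function magic_quotes(string $v): string { return addslashes($v); }
function db_escape(string $v): string { return addslashes($v); }

// Simplified model of how MySQL reads a '...' literal: a bare quote ends it
// early (null = injection point), a backslash makes the next char literal.
function decode_literal(string $lit): ?string {
    $out = '';
    for ($i = 0, $n = strlen($lit); $i < $n; $i++) {
        $c = $lit[$i];
        if ($c === "'") return null;
        if ($c === '\\') {
            if (++$i >= $n) return null; // trailing backslash eats the closing quote
            $c = $lit[$i];
        }
        $out .= $c;
    }
    return $out;
}

// The three escape_string() variants from the article, with magic quotes ON.
$strategies = [
    'always escape'     => fn(string $s) => db_escape($s),
    'skip if magic on'  => fn(string $s) => $s,
    'strip then escape' => fn(string $s) => db_escape(stripslashes($s)),
];

// Constructed samples: [intended value, value as it reaches escape_string()].
$samples = [
    'POST value'          => ["O'Reilly", magic_quotes("O'Reilly")],
    'file value'          => ["O'Reilly", "O'Reilly"],
    'file with backslash' => ['C:\\data', 'C:\\data'],
];

function verdict(string $intended, ?string $stored): string {
    if ($stored === null) return 'UNSAFE: literal breaks';
    return $stored === $intended ? 'ok' : "altered, stored as $stored";
}

foreach ($strategies as $name => $escape) {
    foreach ($samples as $source => [$intended, $arrives]) {
        $literal = $escape($arrives);
        printf("%-18s %-20s %-14s %s\n", $name, $source, $literal,
            verdict($intended, decode_literal($literal)));
    }
}
```

The strip-then-escape variant never leaves a bare quote in the literal, but it drops backslashes that legitimately belong to non-request data. Parameterized queries (PDO or mysqli prepared statements) avoid these escaping decisions altogether.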

I hope this article is helpful to everyone's ThinkPHP framework programming.

