I am trying to write a method that is the same as mysqli_real_escape_string in PHP. It takes a string and escapes any 'dangerous' characters. I have looked for a method that will do this for me but I cannot find one. So I am trying to write one on my own.
This is what I have so far (I tested the pattern at Rubular.com and it worked):
# Finds the following characters and escapes them by preceding them with a backslash. Characters: ' " . * / \ -
def escape_characters_in_string(string)
  pattern = %r{ (\'|\"|\.|\*|\/|\-|\\) }
  string.gsub(pattern, '\\\0') # <-- Trying to take the currently found match and add a \ before it (I have no idea how to do that).
end
And I am using start_string as the string I want to change, and correct_string as what I want start_string to turn into:
start_string = %("My" 'name' *is* -john- .doe. /ok?/ C:\\Drive)
correct_string = %(\"My\" \'name\' \*is\* \-john\- \.doe\. \/ok?\/ C:\\\\Drive)
Can somebody try and help me determine why I am not getting my desired output (correct_string) or tell me where I can find a method that does this, or even better tell me both? Thanks a lot!
5 solutions
#1
9
Your pattern isn't defined correctly in your example. This is as close as I can get to your desired output.
Output
"\\\"My\\\" \\'name\\' \\*is\\* \\-john\\- \\.doe\\. \\/ok?\\/ C:\\\\Drive"
It's going to take some tweaking on your part to get it 100% but at least you can see your pattern in action now.
def self.escape_characters_in_string(string)
  pattern = /(\'|\"|\.|\*|\/|\-|\\)/
  # The block receives each matched character and returns it prefixed with a backslash.
  string.gsub(pattern) { |match| "\\" + match }
end
#2
4
I have changed the above function like this:
def self.escape_characters_in_string(string)
  pattern = /(\'|\"|\.|\*|\/|\-|\\|\)|\$|\+|\(|\^|\?|\!|\~|\`)/
  string.gsub(pattern) { |match| "\\" + match }
end
This is working great for regex
#3
2
This should get you started:
print %("'*-.).gsub(/["'*.-]/){ |s| '\\' + s }
\"\'\*\-\.
#4
1
Take a look at the ActiveRecord sanitization methods: http://api.rubyonrails.org/classes/ActiveRecord/Base.html#method-c-sanitize_sql_array
#5
0
Take a look at the escape_string / quote method in the Mysql class here
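Added example, not part of the question or any answer above: a Ruby sketch of the character set that mysql_real_escape_string is documented to escape, next to the pattern from answer #1, plus a small placeholder binder in the spirit of the sanitize_sql_array suggestion in answer #4. The helper names are hypothetical, all inputs are constructed, and it assumes a utf8mb4 connection with backslash escapes enabled.

```ruby
# Added example; helper names are hypothetical and all inputs are constructed.

# Characters mysql_real_escape_string() is documented to escape, with replacements.
MYSQL_ESCAPES = {
  "\0" => '\\0', "\n" => '\\n', "\r" => '\\r', "\x1a" => '\\Z',
  '\\' => '\\\\', "'" => "\\'", '"' => '\\"'
}.freeze

# Approximation only: assumes a utf8mb4 connection and backslash escapes enabled
# (sql_mode without NO_BACKSLASH_ESCAPES). A driver's own escape call knows the
# connection charset; this function does not.
def mysql_style_escape(str)
  str.gsub(/[\0\n\r\x1a\\'"]/) { |ch| MYSQL_ESCAPES[ch] }
end

# The pattern from answer #1, kept for comparison.
def thread_style_escape(str)
  str.gsub(/(\'|\"|\.|\*|\/|\-|\\)/) { |m| '\\' + m }
end

# Render one value as a SQL literal; the Ruby type decides the form.
def quote_value(value)
  case value
  when nil     then 'NULL'
  when Integer then value.to_s
  when String  then "'#{mysql_style_escape(value)}'"
  else raise ArgumentError, "unsupported type: #{value.class}"
  end
end

# Fill each ? in a developer-written template with a quoted value, in the
# spirit of sanitize_sql_array from answer #4 (this is not ActiveRecord's code).
def bind(template, *values)
  expected = template.count('?')
  raise ArgumentError, "expected #{expected} values, got #{values.size}" unless expected == values.size
  remaining = values.dup
  template.gsub('?') { quote_value(remaining.shift) }
end

# Characters the MySQL set covers that the thread's pattern leaves untouched.
def missed_by_thread_pattern
  MYSQL_ESCAPES.keys.select { |ch| thread_style_escape(ch) == ch }
end
```

In an application, prefer the database driver's own escape call or prepared statements, which know the connection's character set.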