Url stored in MySQL returns with extra backslash for each forward slash ( a/b.png => a\/b.png)

问题

I have a MySql database with a URL field that has normal URLs with forward slashes. When I get the URL data with PHP web service it shows up with a backward slash for each forward slash:

http://example.com/iphone/images/test.png

shows as

http:\/\/example.com\/iphone\/images\/test.png

What could be the problem?

---

Here is the function that gets my data.

function getdata() {

    // Check for required parameters
    if (isset($_POST["genre"])) {

        // Put parameters into local variables
        $genre = $_POST["genre"];

        // Final result array
        $final_result = array();

        // Look up in database
        $user_id = 0;
        $stmt = $this->db->prepare('SELECT ID, BAND, VENUE, GENRE, DATE, THUMBNAIL_URL, DESCRIPTION FROM shows WHERE GENRE=?');
        $stmt->bind_param("s", $genre);
        $stmt->execute();
        $stmt->bind_result($id, $band_result, $venue_result, $genre, $date, $thumbnail_url, $description);
        while ($stmt->fetch()) {


            $thumbnail_url = stripslashes($thumbnail_url);

            $result = array(
            "id" => $id, "band" => $band_result, "venue" => $venue_result, "genre" => $genre, "date" => $date, "thumbnail_url" => $thumbnail_url, "description" => $description,
            );
            $final_result[] = $result;
            continue;
        }
        $stmt->close();





        sendResponse(200, json_encode($final_result));
        return true;
    }
    sendResponse(400, 'Invalid request');
    return false;
}

回答1:

The reason this can happen is your host most likely has magic_quotes enabled and it can change from host to host. (a futile attempt to strengthen security by escaping user submitted inputs).

So its always best to check if its enabled. (especially if your script reaches other configurations)

Then if so handle the stripping of thos unwanted extra slashes before you insert into database, still always use mysql_real_escape_sting() or PDO prepared statements to escape into the database else errors or mysql injections will follow.

if(get_magic_quotes_gpc()) {
  $genre = stripslashes($_POST["genre"]);
}

回答2:

If it's showing up in the database with slashes; that's fine.

If you want to remove them in your PHP after getting them out of the database, run it through stripslashes();

$url = stripslashes($url);

If you want to strip the slashes before it goes into the database... same as above, but think twice before you do :)

来源：https://stackoverflow.com/questions/7355968/url-stored-in-mysql-returns-with-extra-backslash-for-each-forward-slash-a-b-pn