In AnQiCMS, we frequently use template engine filters to handle and display content in day-to-day website operations. Filters are an important tool for improving content quality and website security. This article looks at the addslashes filter and its impact on Chinese characters and punctuation.
What is the addslashes filter used for?
First, let's understand the basic function of the addslashes filter. According to the AnQiCMS template filter documentation, the main role of the addslashes filter is to add a backslash (\) before specific predefined characters in a string. Escaping these special characters is mainly meant to avoid syntax errors or security issues in certain contexts (such as being inserted into database query statements, JavaScript strings, or JSON data). The predefined characters are:
- Single quote (')
- Double quote (")
- Backslash (\)
When a string contains these characters, addslashes puts a backslash in front of each of them to 'escape' it as an ordinary character, so that the parser does not misinterpret it.
Will addslashes affect Chinese strings?
For pure Chinese content, the addslashes filter has no effect. The AnQiCMS template engine has very good support for UTF-8 encoded Chinese, and addslashes is not designed to escape Chinese characters themselves.
Let me give you a simple example:
{{ "安企CMS是一个企业级内容管理系统。"|addslashes|safe }}
You will find that the output is still: 安企CMS是一个企业级内容管理系统。
This means that if the text you are processing contains only Chinese characters and none of the English predefined special characters listed above, addslashes will not change your Chinese content, and you can use it with confidence.
Can addslashes escape Chinese punctuation marks?
This is a point that everyone is concerned about. The answer is that the addslashes filter will not escape Chinese punctuation marks. It only handles English single quotes, double quotes, and backslashes, not Chinese full-width punctuation such as periods (。), commas (,), enumeration commas (、), question marks (?), and quotes (“ ” ‘ ’). If a string contains such characters, no escaping is performed.
Let's verify this with an example:
{{ "这是一个测试。“安企CMS”真的很棒!你觉得呢?"|addslashes|safe }}
The output will be: 这是一个测试。“安企CMS”真的很棒!你觉得呢?
Even when the Chinese string contains full-width Chinese quotation marks, addslashes does not treat them as special characters that need to be escaped.
But if English half-width single quotes, double quotes, or backslashes are accidentally mixed into your Chinese string, these English punctuation marks will be escaped by the addslashes filter. For example:
{{ "他说:\"AnQiCMS's great!\" 我很赞同。"|addslashes|safe }}
The output will be: 他说:\"AnQiCMS\'s great!\" 我很赞同。
You can see that the English half-width quotation marks and the apostrophe are each preceded by a backslash. This further shows that the addslashes filter works strictly from its preset list of English special characters and does not intelligently recognize or handle Chinese punctuation.
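The three template examples above can be reproduced outside the template engine; this is an added example, not AnQiCMS's own code, and it models the filter in Go exactly as described on this page (a backslash before ', " and \ only), with addSlashes and escapedCount being names chosen here. The fourth, constructed sample shows that HTML metacharacters pass through untouched, so the output of addslashes|safe is not HTML-escaped.

```go
package main

import (
	"fmt"
	"html"
	"strings"
)

// addSlashes models the behaviour described above: a backslash is placed
// before ' " and \ only. It is an illustrative stand-in, not the engine's code.
func addSlashes(s string) string {
	var b strings.Builder
	for _, r := range s { // iterate by rune so multi-byte UTF-8 stays intact
		if r == '\'' || r == '"' || r == '\\' {
			b.WriteByte('\\')
		}
		b.WriteRune(r)
	}
	return b.String()
}

// escapedCount reports how many characters addSlashes escapes in s
// (each escape adds exactly one byte to valid UTF-8 input).
func escapedCount(s string) int {
	return len(addSlashes(s)) - len(s)
}

func main() {
	// The first three samples are the strings used on this page;
	// the fourth is constructed for this example.
	samples := []string{
		"安企CMS是一个企业级内容管理系统。",
		"这是一个测试。“安企CMS”真的很棒!你觉得呢?",
		`他说:"AnQiCMS's great!" 我很赞同。`,
		`<b title="x">粗体</b>`, // HTML metacharacters mixed with Chinese
	}
	for _, s := range samples {
		fmt.Printf("input:      %s\n", s)
		fmt.Printf("addslashes: %s (%d escaped)\n", addSlashes(s), escapedCount(s))
		// HTML escaping, by contrast, turns < > & " ' into entities.
		fmt.Printf("html:       %s\n\n", html.EscapeString(s))
	}
}
```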
Summary
In AnQiCMS template development and content operations, the addslashes filter is a very useful tool, mainly used to ensure that, in specific scenarios, English single quotes, double quotes, and backslashes in the data do not break the syntax or cause security issues.
Through our practical experience and document analysis, it can be clearly stated:
- The addslashes filter will not affect the Chinese string itself.
- The addslashes filter will not escape Chinese punctuation marks (such as 。 , “ ” etc.).
- The addslashes filter will only escape the single quote ('), the double quote (") and the backslash (\).
Therefore, when using addslashes, you do not need to worry about it unexpectedly escaping your Chinese content or Chinese punctuation. But if special English punctuation marks are mixed into Chinese text, note that they will be escaped. The addslashes filter usually also needs to be combined with the |safe filter to ensure that backslashes are interpreted as escape characters rather than literal output, especially when the content includes HTML structure.
Common Questions (FAQ)
1. What are the differences between the addslashes and escape filters?
The addslashes filter adds a backslash before specific English symbols (single quotes, double quotes, and backslashes) to prevent them from breaking the syntax in specific contexts (such as database queries or JavaScript code). The escape filter (or its alias e) converts HTML special characters (such as <, >, &, ", ') to HTML entities; its main purpose is to prevent XSS attacks by ensuring that the browser displays these characters as text rather than parsing them as HTML tags. AnQiCMS escapes all output by default, so escape is generally used to request escaping explicitly, or to perform HTML escaping manually after automatic escaping has been turned off.
2. Does the addslashes filter affect the storage of content in the database?
The addslashes filter processes data during the template rendering stage, and it does not directly affect the storage of content in the database. Databases usually have their own data input and storage mechanisms. Before data is written, it is usually processed by the backend program (for example with the prepared statements of an ORM framework, or manual escaping) to ensure that it can be stored safely and correctly. addslashes mainly plays a role in front-end display or in preparing data for specific front-end scripts.
3. If I want to remove HTML tags from the content instead of escaping them, which filter should I use?
If you want to completely remove HTML tags from the content instead of escaping them, you can use the striptags filter. This filter strips all HTML, XML, and PHP tags from the string. If you only want to remove specific HTML tags, you can use the removetags filter and specify the names of the tags to be removed in its parameters.