In day-to-day website operations with AnQiCMS, we frequently use template engine filters to process and display content. Filters are an important tool for improving content quality and website security. Today, let's take a close look at one specific filter, addslashes, and the effect it has on Chinese strings and Chinese punctuation marks.

What does the addslashes filter do?

First, let's understand the basic function of the addslashes filter. According to the AnQiCMS template filter documentation, the main role of the addslashes filter is to add a backslash (\) in front of specific predefined characters in a string. These characters are treated specially to avoid syntax errors or security issues in certain contexts (such as inserting into database query statements, JavaScript strings, or JSON data). In particular, it will escape:

  • Single quote (')
  • Double quote (")
  • Backslash (\)

When a string contains these characters, addslashes escapes them by adding a backslash, turning them into ordinary characters so that they are not misinterpreted by the parser.

Will addslashes affect Chinese strings?

For pure Chinese content, the addslashes filter has no effect. The AnQiCMS template engine has very good support for UTF-8 encoded Chinese, and addslashes is not designed to escape the Chinese characters themselves.

Let me give you a simple example:

{{ "安企CMS是一个企业级内容管理系统。"|addslashes|safe }}

You will find that the output is still: 安企CMS是一个企业级内容管理系统。

This means that if the text you are processing contains only Chinese characters and none of the English predefined special characters mentioned above, addslashes will not change the Chinese content, and you can use it with confidence.

Can addslashes escape Chinese punctuation?

This is a point that many people are concerned about. The answer is that the addslashes filter will not escape Chinese punctuation. It only processes English single quotes, double quotes, and backslashes; Chinese full-width punctuation marks such as periods, commas, colons, question marks, and quotation marks are not escaped.

Let's verify this through an example:

{{ "这是一个测试。“安企CMS”真的很棒!你觉得呢?"|addslashes|safe }}

The output will be: 这是一个测试。“安企CMS”真的很棒!你觉得呢?

Even if the Chinese string contains Chinese full-width quotation marks, addslashes does not recognize them as special characters that need to be escaped.

But if your Chinese string is accidentally mixed with English half-width punctuation (single quotes, double quotes, or backslashes), then these English punctuation marks will be escaped by the addslashes filter. For example:

{{ "他说:\"AnQiCMS's great!\" 我很赞同。"|addslashes|safe }}

The output will be: 他说:\"AnQiCMS\'s great!\" 我很赞同。

You can see that the English half-width double quotes and single quote are each preceded by a backslash. This further shows that the addslashes filter operates strictly according to its preset list of English special characters and does not recognize or process Chinese punctuation.

Summary

In AnQiCMS template development and content operations, the addslashes filter is a very useful tool, mainly used to ensure that, in specific scenarios, the English single quotes, double quotes, and backslashes in the data do not break the syntax structure or cause security issues.

From our hands-on testing and analysis of the documentation, the following can be clearly stated:

  • The addslashes filter won't affect Chinese strings themselves.
  • The addslashes filter won't escape Chinese punctuation marks.
  • The addslashes filter only escapes the English single quote ('), double quote (") and backslash (\).

Therefore, when using addslashes, you need not worry that it will cause unexpected escaping of your Chinese content or Chinese punctuation. If English special punctuation is mixed into the Chinese text, note that it will be escaped. When applied in a template, the addslashes filter usually needs to be used together with the |safe filter to ensure that backslashes are interpreted as escape characters rather than output literally, especially when the content includes HTML structure.


Frequently Asked Questions (FAQ)

1. What are the differences between the addslashes and escape filters?

addslashes mainly adds a backslash in front of specific English symbols (single quotes, double quotes, backslashes) to prevent these symbols from breaking the syntax in specific contexts (such as database queries or JavaScript code). The escape filter (or its alias e) converts HTML special characters (such as <, >, &, " and ') to HTML entities; its main purpose is to prevent XSS attacks by ensuring that the browser displays these characters as text rather than parsing them as HTML tags. AnQiCMS escapes all output by default, so escape is usually used to request escaping explicitly, or to perform HTML escaping manually after automatic escaping has been turned off.
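The contrast between the two filters, together with the earlier point that only the three half-width characters are touched, as an added Go example (not AnQiCMS's own code). addSlashes and compare are hypothetical names that reimplement the behaviour the article describes, Go's html.EscapeString stands in for the escape filter as an assumption, and the sample strings are constructed.

```go
package main

import (
	"fmt"
	"html"
	"strings"
)

// addSlashes is a hypothetical stand-in for the filter behaviour described
// above: put a backslash before ', " and \ and leave every other byte alone.
// Scanning bytes is safe for UTF-8 because every byte of a multi-byte
// character is >= 0x80, so it can never equal 0x27, 0x22 or 0x5C.
func addSlashes(s string) string {
	var b strings.Builder
	b.Grow(len(s))
	for i := 0; i < len(s); i++ {
		switch s[i] {
		case '\'', '"', '\\':
			b.WriteByte('\\')
		}
		b.WriteByte(s[i])
	}
	return b.String()
}

// compare returns the addslashes-style and HTML-entity forms of one input.
// html.EscapeString is an assumed equivalent of the escape filter.
func compare(s string) (slashed, entities string) {
	return addSlashes(s), html.EscapeString(s)
}

func main() {
	// Constructed samples; the first three reuse the article's strings.
	samples := []string{
		"安企CMS是一个企业级内容管理系统。",
		"这是一个测试。“安企CMS”真的很棒!你觉得呢?",
		`他说:"AnQiCMS's great!" 我很赞同。`,
		`<b>安企CMS's</b>`,
	}
	for _, s := range samples {
		slashed, entities := compare(s)
		fmt.Printf("input:      %s\naddslashes: %s\nhtml:       %s\n\n", s, slashed, entities)
	}
}
```

The last sample keeps its raw < and > after slash-escaping, so the addslashes-style form is not a substitute for HTML escaping when output is marked |safe.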

2. Does the addslashes filter affect the storage of content in the database?

The addslashes filter processes data at the template rendering stage and does not directly affect how content is stored in the database. Databases usually have their own data input and storage mechanisms, and before data is written it is often processed by backend programs (for example through the prepared statements of an ORM framework, or manual escaping) to ensure that it can be stored safely and correctly. addslashes mainly plays a role when displaying content on the front end or preparing data for a specific front-end script.

3. If I want to remove HTML tags from the content instead of escaping, which filter should I use?

If you want to remove HTML tags from the content completely rather than escaping them, you can use the striptags filter, which removes all HTML, XML, and PHP tags from a string. If you want to remove only specific HTML tags, you can use the removetags filter and specify the tag names to be removed in its parameter.