javascript 如何使用 RegExp 用双反斜杠替换反斜杠?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/8684975/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How can I replace a backslash with a double backslash using RegExp?
提问by user1052933
I need to modify the value using javascript, to make it ready to be put as part of a SQL insert query.
我需要使用 javascript 修改该值,以使其准备好作为 SQL 插入查询的一部分。
Currently I have the following code to handle the single quote ' character.
目前我有以下代码来处理单引号 ' 字符。
value = value.replace(/'/g, "\'");
This code works without an issue. Now I noticed that stand-alone backslashes are causing errors.
这段代码可以正常工作。现在我注意到独立的反斜杠会导致错误。
How can I remove those stand alone backslashes?
如何删除那些独立的反斜杠?
回答by T.J. Crowder
Now I noticed that stand-alone backslashes are causing errors.
现在我注意到独立的反斜杠会导致错误。
Backslashes in the string you're operating on won't have any effect on replacing 'characters whatsoever. If your goal is to replace backslashcharacters, use this:
您正在操作的字符串中的反斜杠不会对替换'任何字符产生任何影响。如果您的目标是替换反斜杠字符,请使用以下命令:
value = value.replace(/\/g, "whatever");
...which will replace all backslashes in the string with "whatever". Note that I've had to write two backslashes rather than just one. That's because in a regular expression literal, the backslash is used to introduce various special characters and character classes, and is also used as an escape — two backslashes together in a regular expression literal (as in a string) represent a single actual backslash in the string.
...它将用“whatever”替换字符串中的所有反斜杠。请注意,我必须写两个反斜杠而不是一个。这是因为在正则表达式文字中,反斜杠用于引入各种特殊字符和字符类,也用作转义符——正则表达式文字中的两个反斜杠(如在字符串中)代表一个实际的反斜杠细绳。
To change a single backslash into two backslashes, use:
要将单个反斜杠更改为两个反斜杠,请使用:
value = value.replace(/\/g, "\\");
Note that, again, to get a literal backslash in the replacement string, we have to escape each of the two — resulting in four in total in the replacement string.
请再次注意,要在替换字符串中获得文字反斜杠,我们必须对两者中的每一个进行转义——导致替换字符串中总共有四个。
I need to modify the value using javascript, to make it ready to be put as part of a SQL insert query.
我需要使用 javascript 修改该值,以使其准备好作为 SQL 插入查询的一部分。
You don't want to do this by hand. Any technology that allows you to make database queries and such (JDBC, ODBC, etc.) will provide some form of preparedor parameterizedstatement (link), which deals with these sorts of escaping issues for you. Doing it yourself is virtually guaranteed to leave security holes in your software which could be exploited. You want to use the work of a team that's had to think this through, and which updates the resulting code periodically as issues come to light, rather than flying alone. Further, if your JavaScript is running on the client (as most is, but by no means all — I use JavaScript server-side all the time), then nothingyou do to escape the string can make it safe, because client requests to the server can be spoofed, completely bypassing your client-side code.
您不想手动执行此操作。任何允许您进行数据库查询的技术(JDBC、ODBC 等)都将提供某种形式的准备好的或参数化的语句(链接),它为您处理这些类型的转义问题。自己动手几乎可以保证在您的软件中留下可能被利用的安全漏洞。您希望使用一个团队的工作,该团队必须仔细考虑这一点,并在问题曝光时定期更新结果代码,而不是独自飞行。此外,如果您的 JavaScript 正在客户端上运行(大多数情况下,但绝不是全部 - 我一直使用 JavaScript 服务器端),那么什么都没有您对字符串进行转义可以使其安全,因为客户端对服务器的请求可以被欺骗,完全绕过您的客户端代码。
回答by Mattias Wadman
You should use a escape function provided by some kind of database library, rolling your own will only cause trouble.
你应该使用某种数据库库提供的转义函数,自己滚动只会带来麻烦。
