云策 WordPress 开发者社区

函数文档

stripslashes_deep()

查看官方原文 ↗
💡 云策文档标注

概述

stripslashes_deep() 是 WordPress 核心函数,用于递归遍历数组、对象或标量值,移除其中的反斜杠。它基于 map_deep() 实现,适用于处理如 $_POST 等已添加斜杠的输入数据。

关键要点

  • 函数递归处理数组、对象或标量,使用 stripslashes_from_strings_only 回调移除字符串中的反斜杠。
  • 参数 $value 为必需,可以是任意类型,返回处理后的值。
  • 在 WordPress 环境中,$_POST、$_GET、$_REQUEST、$_COOKIE 变量默认被添加斜杠,建议使用此函数或 stripslashes() 进行清理。
  • 使用时需注意:全局应用 stripslashes_deep() 可能破坏 WordPress 核心或插件预期,建议仅处理自定义数据。

代码示例

// 示例1:处理整个 $_POST 数组
$my_post = stripslashes_deep($_POST);
$my_value = $my_post['value'];

// 示例2:直接处理特定值
$my_value = stripslashes($_POST['value']);

// 示例3:安全处理自定义数据
$your_own_data = stripslashes_deep($_POST['your_own_data']);

注意事项

  • WordPress 自动为 $_POST/$_GET/$_REQUEST/$_COOKIE 添加斜杠,无论 get_magic_quotes_gpc() 返回什么,因此在这些上下文中应使用 stripslashes_deep() 或 stripslashes()。
  • 避免对整个 $_POST 等全局变量应用 stripslashes_deep(),以免干扰其他插件或核心功能,建议仅处理特定数据字段。
📄 原文内容

Navigates through an array, object, or scalar, and removes slashes from the values.

Parameters

$valuemixedrequired
The value to be stripped.

Return

mixed Stripped value.

More Information

If an array is passed, the array_map() function causes a callback to pass the value back to the function. The slashes from each value will be removed using the stripslashes() function.

Source

function stripslashes_deep( $value ) {
	return map_deep( $value, 'stripslashes_from_strings_only' );
}

View all references View on Trac View on GitHub

Uses Description
map_deep()wp-includes/formatting.php

Maps a function to all non-iterable elements of an array or an object.
Used by Description
wp_ajax_send_attachment_to_editor()wp-admin/includes/ajax-actions.php

Handles sending an attachment to the editor via AJAX.
wp_unslash()wp-includes/formatting.php

Removes slashes from a string or recursively removes slashes from strings within an array.
WP_Widget::update_callback()wp-includes/class-wp-widget.php

Handles changed settings (Do NOT override).

Changelog

Version Description
2.0.0 Introduced.

User Contributed Notes

  1. Skip to note 3 content


    Codex


    You must log in to vote on the helpfulness of this noteVote results for this note: 4You must log in to vote on the helpfulness of this note

    Good Coding Practice
    WordPress adds slashes to $_POST/$_GET/$_REQUEST/$_COOKIE regardless of what get_magic_quotes_gpc() returns. So in the context of WordPress, stripslashes() or stipslashes_deep() should always be used when using those variables.

    Example:

    $my_post = stripslashes_deep($_POST);
$my_value = $my_post['value'];

    Or:

    $my_value = stripslashes($_POST['value']);

  2. Skip to note 4 content


    Codex


    You must log in to vote on the helpfulness of this noteVote results for this note: 1You must log in to vote on the helpfulness of this note

    Basic Example
    You may want this function when developing your own PHP application intended to run within the WordPress environment. Specifically, your program needs to strip slashes when data arrives via $_POST, $_GET, $_COOKIE, and $_REQUEST arrays.

    An example would be a “Contact Me” page and the ancillary program that sanitizes the user-supplied text. Such user inputs typically travel from an HTML to your program by way of the $_POST array. stripslashes_deep() , in that case, could be used thus (caution, see notes below):

    $_POST = stripslashes_deep( $_POST );

    The stripslashes_deep() function is recursive and will walk through the $_POST array even when some of the elements are themselves an array.

    Please note: WordPress Core and most plugins will still be expecting slashes, and the above code will confuse and break them. If you must unslash, consider only doing it to your own data which isn’t used by others:

    $your_own_data = stripslashes_deep( $_POST['your_own_data'] );