stripslashes_deep()去掉字符串获取数组中的 / 符号







使用 stripslashes() 函数去掉 /,如果输入的是对象,使用 get_object_vars()  换成数组, 后对 组递归调  stripslashes_deep(),去掉数 中每个值的 / 。

stripslashes_deep() 描述


<?php stripslashes_deep$value ); ?>

stripslashes_deep() 用法



(array|string|object) (必填) 将要 掉 / 的数组  字符串。

默认值: None

stripslashes_deep() 参数



去掉 / 的数组或者字符 

stripslashes_deep() 返回值


Basic Example

You may want this function when developing your own PHP application intended to run within the WordPress environment. Specifically, your program needs to strip slashes when data arrives via $_POST, $_GET, $_COOKIE, and $_REQUEST arrays.

An example would be a "Contact Me" page and the ancillary program that sanitizes the user-supplied text. Such user inputs typically travel from an HTML <form method="post" ... > to your program by way of the $_POST array. stripslashes_deep(), in that case, could be used thus (caution, see notes below):

The stripslashes_deep() function is recursive and will walk through the $_POST array even when some of the elements are themselves an array.

Please note: WordPress Core and most plugins will still be expecting slashes, and the above code will confuse and break them. If you must unslash, consider only doing it to your own data which isn't used by others:

Good Coding Practice

When you write program code for public distribution, you do not know ahead of time if the target server has magic quotes enabled. It is, therefore, best coding practice for your program to check for magic quotes and strip slashes if need be. It is worth knowing that stripslashes_deep() does not check for the presence of slashes. Your program would, most properly, test for and remove magic quote slashes.

One possible way to use stripslashes_deep() is this (caution, see notes below):

  • The existence of magic quotes has been a headache for many PHP composers. Future versions of PHP may very likely deprecate them. Code will, however, need to continue to work around them as long as PHP4 and PHP5 remain in use.

Please Note: On any page load where WordPress itself loads, the above example will be unreliable. Very early in its execution, WordPress intentionally adds "magic quotes" for the sake of consistency. This is regardless of the return of get_magic_quotes_gpc(). Core code, and plugins all over, expect the values of $_REQUEST etc to be escaped.

stripslashes_deep() 示例


  • See Disabling Magic Quotes
  • WordPress  认忽略 PHP 设置的 magic quotes  值(magic_quotes_gpc 为 true 时, 动给 ' " \ 添加 /),都 给字符串加上 magic quotes。(甚至 PHP 5.4 删除这个  
  • WordPress 这样做的原因是太多 WordPress 核心和 件代码依 这个 能, 以禁用 magic quotes 会 起一些安全漏洞。
  • stripslashes_deep() 注意


    添加于 版本: 2.0.0

    stripslashes_deep() 历史


    stripslashes_deep() 函数的代码位于 wp-includes/formatting.php.

    stripslashes_deep() 源文件