The simplest sql anti-injection function and method in php_PHP tutorial

mysql tutorial_real_escape_string — Escape special characters in a string used in a SQL statement, taking into account the connection's current character set.

But note: this function does not escape % and _. In addition, it is best not to use this function for the entire SQL statement, but to escape only the string parameters passed into the SQL statement, otherwise unexpected results will occur.

$item = "Zak's and Derick's Laptop";
$escaped_item = mysql_real_escape_string($item);
printf ("Escaped string: %sn", $escaped_item);
?>

The addslashes() function adds a backslash before the specified predefined characters.

These predefined characters are:

Single quote (')
Double quotes (")
backslash ()
NULL

By default, the PHP directive magic_quotes_gpc is on, automatically running addslashes() on all GET, POST and COOKIE data. Do not use addslashes() on strings that have been escaped by magic_quotes_gpc, as this will result in double escaping. When encountering this situation, you can use the function get_magic_quotes_gpc() to detect it.

$str="jane & 'tarzan'"; //Define html string
echo html_entity_decode($str); //Output the converted content
echo "
";
echo html_entity_decode($str,ent_quotes); //Content output with optional parameters

For more details, please see: http://www.bKjia.c0m/phper/php-function/36439.htm

http://www.bkjia.com/PHPjc/629708.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629708.htmlTechArticlemysql tutorial_real_escape_string escapes special characters in strings used in SQL statements, taking into account the current connection Character set. But note: this function does not escape % and _. Also...