PHP anti-injection, detailed implementation of form submission value escaping_PHP tutorial

During development, we must pay attention to preventing sql injection, so the values ​​submitted by the form must be processed accordingly before the data can be updated into the database
php sweeps the army function. Any value can be passed in for conversion

Copy code The code is as follows:

function quotes($content) 
{ 
//If magic_quotes_gpc=Off, then start processing If (!get_magic_quotes_gpc()) { //Determine whether $content is an array
if (is_array($content)) {
//If $content is an array, then process each element of it
foreach ($content as $key=>$value) {
$content[$key] = addslashes($value);
                                                                                                                                       If magic_quotes_gpc=On, then it will not be processed.
} 🎜>stripslashes(), it can remove the (backslash) automatically added when processing addslashes()




http://www.bkjia.com/PHPjc/327587.html

www.bkjia.com

true

http: //www.bkjia.com/PHPjc/327587.html

TechArticle

During development, we must pay attention to preventing sql injection, so the values ​​submitted by the form must be processed accordingly. , only then can the data be updated into the database using the PHP function. Any value...