简体中文(ZH-CN)English(EN)繁体中文(ZH-TW)日本語(JA)한국어(KO)Melayu(MS)Français(FR)Deutsch(DE)
Home
Article
Q&A
Course
Topic
Download
Game
Dictionary
Recent Updates

Home  >  Article  >  Backend Development  >  PHP code to implement anti-injection and form submission value escaping

PHP code to implement anti-injection and form submission value escaping

WBOY
WBOYOriginal
2016-07-25 08:58:56939browse
  2. /**
  3. * PHP form character escape
  4. * Prevent sql injection
  5. * edit bbs.it-home.org
  6. */
  7. function quotes($content)
  8. {
  9. //If magic_quotes_gpc=Off, then start processing
  10. if (!get_magic_quotes_gpc()) {
  11. / /Determine whether $content is an array
  12. if (is_array($content)) {
  13. //If $content is an array, then process each of its elements
  14. foreach ($content as $key=>$value) {
  15. $content[$key] = addslashes($value);
  16. }
  17. } else {
  18. //If $content is not an array, then it will only be processed once
  19. addslashes($content);
  20. }
  21. } else {
  22. // If magic_quotes_gpc=On, then it will not be processed
  23. }
  24. //Return $content
  25. return $content;
  26. ?>
Copy code

Note: Use stripslashes () to remove backslashes when displaying stripslashes(), it can remove the (backslash) automatically added during addslashes() processing.

That’s it, a simple php function that can escape form submission content and prevent SQL injection.



Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:Solution to the problem that php ob_flush cannot output every secondNext article:Solution to the problem that php ob_flush cannot output every second

Related articles

See more