Home >Backend Development >PHP Tutorial >PHP code to implement anti-injection and form submission value escaping

PHP code to implement anti-injection and form submission value escaping

WBOY
WBOYOriginal
2016-07-25 08:58:561002browse
  1. /**
  2. * PHP form character escape
  3. * Prevent sql injection
  4. * edit bbs.it-home.org
  5. */
  6. function quotes($content)
  7. {
  8. //If magic_quotes_gpc=Off, then start processing
  9. if (!get_magic_quotes_gpc()) {
  10. / /Determine whether $content is an array
  11. if (is_array($content)) {
  12. //If $content is an array, then process each of its elements
  13. foreach ($content as $key=>$value) {
  14. $content[$key] = addslashes($value);
  15. }
  16. } else {
  17. //If $content is not an array, then it will only be processed once
  18. addslashes($content);
  19. }
  20. } else {
  21. // If magic_quotes_gpc=On, then it will not be processed
  22. }
  23. //Return $content
  24. return $content;
  25. ?>
Copy code

Note: Use stripslashes () to remove backslashes when displaying stripslashes(), it can remove the (backslash) automatically added during addslashes() processing.

That’s it, a simple php function that can escape form submission content and prevent SQL injection.



Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn