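// Copies every request parameter from $_COOKIE, $_POST and $_GET into a variable
// of the same name in the current scope, escaping the value with daddslashes().
// The sources are processed in that order, so a $_GET value replaces a $_POST or
// $_COOKIE value that has the same name.
//
// SECURITY NOTE: this has the same effect as the old register_globals setting.
// The only names refused are those starting with '_', so any other variable that
// already holds a value when this loop runs is replaced by request data.
// Initialise trusted variables after this loop, or read $_GET / $_POST / $_COOKIE
// explicitly and drop the import altogether.
foreach (array('_COOKIE', '_POST', '_GET') as $_request) {
    foreach ($$_request as $_key => $_value) {
        // substr() replaces the `$_key{0}` offset syntax, which PHP 8 no longer
        // parses; the cast covers numeric keys, which PHP stores as integers.
        if (substr((string) $_key, 0, 1) !== '_') {
            $$_key = daddslashes($_value);
        }
    }
}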
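// The temporaries of the request-import loop are dropped so they do not linger
// in the current scope.
unset($_request, $_key, $_value);

/**
 * Escapes a string, or every value of a (possibly nested) array, with addslashes().
 *
 * Nothing is escaped when magic_quotes_gpc has already done so, unless $force is
 * set. The magic-quotes state is read once and cached in the MAGIC_QUOTES_GPC
 * constant.
 *
 * SECURITY NOTE: only array values are escaped; array keys are returned unchanged,
 * so keys must never be placed into a query. addslashes() is also unaware of the
 * database connection charset, so this function is not a substitute for
 * parameterised queries (prepared statements) where SQL is built.
 *
 * @param string|array $string Value to escape.
 * @param int|bool     $force  Truthy to escape even when magic quotes are on.
 * @return string|array The escaped value, with the same shape as the input.
 */
function daddslashes($string, $force = 0) {
    if (!defined('MAGIC_QUOTES_GPC')) {
        // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() no
        // longer exists in PHP 8, so the function is only called on old runtimes.
        define(
            'MAGIC_QUOTES_GPC',
            version_compare(PHP_VERSION, '5.4.0', '<') ? get_magic_quotes_gpc() : false
        );
    }
    if (MAGIC_QUOTES_GPC && !$force) {
        // Already escaped by the runtime; escaping again would double the slashes.
        return $string;
    }
    if (is_array($string)) {
        foreach ($string as $key => $val) {
            $string[$key] = daddslashes($val, $force);
        }
        return $string;
    }
    return addslashes($string);
}
// 还有一个问题: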
url:a.php?m=12
页面:$m 得到 12
为什么 $m 有值呢?
foreach($$_request as $_key => $_value) {
$_key{0} != '_' && $$_key = daddslashes($_value);
}
}
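// The temporaries of the request-import loop are dropped so they do not linger
// in the current scope.
unset($_request, $_key, $_value);

/**
 * Escapes a string, or every value of a (possibly nested) array, with addslashes().
 *
 * Nothing is escaped when magic_quotes_gpc has already done so, unless $force is
 * set. The magic-quotes state is read once and cached in the MAGIC_QUOTES_GPC
 * constant.
 *
 * SECURITY NOTE: only array values are escaped; array keys are returned unchanged,
 * so keys must never be placed into a query. addslashes() is also unaware of the
 * database connection charset, so this function is not a substitute for
 * parameterised queries (prepared statements) where SQL is built.
 *
 * @param string|array $string Value to escape.
 * @param int|bool     $force  Truthy to escape even when magic quotes are on.
 * @return string|array The escaped value, with the same shape as the input.
 */
function daddslashes($string, $force = 0) {
    if (!defined('MAGIC_QUOTES_GPC')) {
        // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() no
        // longer exists in PHP 8, so the function is only called on old runtimes.
        define(
            'MAGIC_QUOTES_GPC',
            version_compare(PHP_VERSION, '5.4.0', '<') ? get_magic_quotes_gpc() : false
        );
    }
    if (MAGIC_QUOTES_GPC && !$force) {
        // Already escaped by the runtime; escaping again would double the slashes.
        return $string;
    }
    if (is_array($string)) {
        foreach ($string as $key => $val) {
            $string[$key] = daddslashes($val, $force);
        }
        return $string;
    }
    return addslashes($string);
}
// 还有一个问题: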
url:a.php?m=12
页面:$m 得到 12
为什么 $m 有值呢?
// Replaces both superglobals with the result of saddslashes(), so later reads of
// $_GET / $_POST see the processed values. $_COOKIE is not touched by these lines.
// NOTE(review): saddslashes() is not shown here; presumably it escapes values
// recursively like daddslashes() — confirm. Escaping of this kind does not replace
// parameterised queries at the point where SQL is built.
$_GET = saddslashes($_GET);
$_POST = saddslashes($_POST);
不是有 $_key{0} != '_' && $$_key = daddslashes($_value); 这一句吗?
不是的话,这是对字符串进行转义,用来防止 SQL 注入,其实就是对提交的所有数据进行转义。要注意 addslashes 这类转义并不识别数据库连接的字符集,也不处理数组的键名,不能单独作为防注入手段;拼接 SQL 时应使用预处理语句(参数化查询)。
因为有
unset($_request, $_key, $_value);
我刚做php,不是很懂,后面恶补下。