So many points, I'm envious... addslashes
(PHP 3, PHP 4)
addslashes -- Quote string with slashes
Description
string addslashes ( string str)
Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte). Note: magic_quotes_gpc is ON by default.
For example, use $sql="insert into mytable set username=\"$username\"";
This way the $username I receive can contain double quotes (") and single quotes.
$someone=$_POST["someone"];
// Reject the input if it contains a single quote
if(ereg("\'",$someone))
{
    // prints "contains illegal characters"
    print "包含非法字符";
}
else
{
    //somecode
}
$content=ereg_replace("'","`",$content)." ";
Convert them away first;
function cv_str($content)
{
$content=str_replace(chr(34),"&quot;",$content);
$content=str_replace("'","`",$content);
return($content);
}
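An added example, not from any poster in this thread: the same insert done with a bound parameter, so quotes and backslashes in the username are stored as data without addslashes or character substitution. It assumes PHP 7.1 or later with the pdo_sqlite extension; the in-memory SQLite database, the function names and the sample inputs are constructed for illustration.

```php
<?php
// Added example. Table and column names follow the thread's mytable/username;
// the in-memory SQLite database is an assumption so the script runs offline.

function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE mytable (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
    return $pdo;
}

// Store the value through a bound parameter: the driver passes it as data,
// so no quoting function or character replacement is involved.
function store_username(PDO $pdo, string $username): int
{
    $stmt = $pdo->prepare('INSERT INTO mytable (username) VALUES (:username)');
    $stmt->execute([':username' => $username]);
    return (int) $pdo->lastInsertId();
}

// Read the stored value back by primary key, again with a bound parameter.
function load_username(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT username FROM mytable WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : $value;
}

// Constructed sample inputs containing the characters discussed in the thread.
$samples = [
    "O'Brien",
    'say "hi"',
    'back\\slash',
    "mixed ' \" \\ ` chars",
];

$pdo = open_db();
foreach ($samples as $input) {
    $id = store_username($pdo, $input);
    $stored = load_username($pdo, $id);
    printf("%-24s %s\n", $input, $stored === $input ? 'round-trips unchanged' : 'ALTERED');
}
```

If magic_quotes_gpc is on, as the manual note above says it is by default, the request value already carries added backslashes and would need stripslashes before binding, otherwise the backslashes are stored too.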