//GPC filtering, automatically escapes special characters in $_GET, $_POST, $_COOKIE to prevent SQL injection attacks
$_GET = saddslashes($_GET);
$_POST = saddslashes($_POST ; ($string, $force = 0, $strip = FALSE) {
//Whether the string or array is forced or removed
//If the magic reference is not turned on or $force is not 0 if(! MAGIC_QUOTES_GPC || $force) { if(is_array($string)) { //If it is an array, loop this function foreach($string as $key => $val) { $string[$key] = daddslashes($val, $force);
}
} else {
//If magic reference is on or $force is 0
//The following is a three Meta operator, if $strip is true, execute stripslashes to remove the backslash characters, and then execute addslashes
//$strip is true, that is, remove the backslash characters first and then escape them as $_GET,$ _POST, $_COOKIE and $_REQUEST The $_REQUEST array contains the values of the first three arrays
//Why do we need to remove the backslash and then escape the $string here, because sometimes $string may have two backslashes, stripslashes filters out excess backslashes
$string = addslashes($strip ? stripslashes($string) : $string);
}
}
return $string ;
}eg: saddslashes function saddslashes($string) { if(!MAGIC_QUOTES_GPC){
if(is_array($string)) { //If the escape is an array, recursively convert the value in the array Meaning
foreach($string as $key => $val) {
$string[$key] = saddslashes($val);
}
} else {
$string = addslashes($string); //Escape single quotes ('), double quotes ("), backslashes () and NUL (NULL characters)
}
return $string;
}else{
return $string;
}
The main thing is:
saddslashes can escape every data
Copy code
The code is as follows:
function saddslashes($string) {
if(is_array($string)) {
foreach($string as $key => $val) { $string[$key] = saddslashes($val); } } else { $string = addslashes($string);
}
return $string;
}
http://www.bkjia.com/PHPjc/326187.html
www.bkjia.com
truehttp: //www.bkjia.com/PHPjc/326187.html
TechArticle//GPC filtering, automatically escape special characters in $_GET, $_POST, $_COOKIE to prevent SQL injection Attack $_GET = saddslashes($_GET); $_POST = saddslashes($_POST); Copy the code as follows: Next...
The difference between static web pages and dynamic web pages
What are the four big data analysis tools?
statistical analysis
What is the difference between 4g and 5g mobile phones?
The difference between k8s and docker
The difference between JD.com's self-operated flagship store and its official flagship store
How to open php file
The difference between get and post
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
