Php simplest SQL anti-injection functions and methods-PHP Tutorial

Php is the simplest SQL anti-injection function and method. Mysql tutorial _ real_escape_string escapes special characters in the strings used in SQL statements, and takes into account the connected current character set. But note: This function does not escape % and _. In addition, mysql tutorial _ real_escape_string-escape special characters in the strings used in SQL statements, and take into account the connected current character set.

But note: This function does not escape % and _. In addition, it is best not to use this function for the entire SQL statement, but to only escape the string parameters passed into the SQL statement, otherwise unexpected results will occur.

$ Item = "Zak's and Derick's Laptop ";
$ Escaped_item = mysql_real_escape_string ($ item );
Printf ("Escaped string: % sn", $ escaped_item );
?>

The addslashes () function adds a backslash before the specified predefined character.

The predefined characters are:

Single quotes (')
Double quotation marks (")
Backslash ()
NULL

By default, the magic_quotes_gpc command of PHP is on, and addslashes () is automatically run for all GET, POST, and COOKIE data (). Do not use addslashes () for strings that have been escaped by magic_quotes_gpc, because this causes double-layer escape. In this case, you can use the get_magic_quotes_gpc () function for detection.

$ Str = "jane & 'tarzance'"; // defines an html string.
Echo html_entity_decode ($ str); // output the converted content
Echo"
";
Echo html_entity_decode ($ str, ent_quotes); // optional parameter output

For more details, see http://www.bKjia. c0m/phper/php-function/36439.htm

Escape escape special characters in the strings used in SQL statements and take into account the connected current character set. But note: This function does not escape % and _. In addition...