For data security and to prevent injection, strings obtained from $_GET need to be filtered. At first I wrote my own filter function; later I saw that the PHP tutorial already has a filter function, so I recommend addslashes to everyone.
An example use of addslashes() is when you are entering data into a database. For example, to insert the name O'Reilly into a database, you need to escape it. Most databases use \ as the escape character: O\'Reilly. This gets the data into the database without inserting the extra \. When the PHP directive magic_quotes_sybase is set to on, ' is instead escaped with another '.
Example:
MySQL and PHP have many functions for handling character problems; here are a few that are used frequently.
PS: Since magic_quotes_gpc is no longer supported starting with PHP 6, everything below assumes magic_quotes_gpc=off (I don't know what new things PHP 6 will bring ...)
mysql_real_escape_string()
Definition: The function escapes special characters in a string for use in an SQL statement.
Syntax: mysql_real_escape_string(string, connection)
Description: This function escapes special characters in string, taking into account the current character set of the connection, so the result can be safely used with mysql_query().
Because the example code is too long, a link to the function reference is given instead.
Database attacks. This example demonstrates what happens if we do not apply the mysql_real_escape_string() function to the username and password:
<?php
$con = mysql_connect("localhost", "Hello", "321");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}
// The request values are placed into the SQL text unescaped
$sql = "SELECT * FROM users
WHERE user='{$_POST['user']}'
AND password='{$_POST['pwd']}'";
mysql_query($sql);
// The user name and password are not checked
// They can be anything that the user enters, such as:
$_POST['user'] = 'john';
$_POST['pwd'] = "' OR ''='";
// Some code ...
mysql_close($con);
?>
The SQL query then becomes:
SELECT * FROM users
WHERE user='john' AND password='' OR ''=''
This means that any user can log in without entering a valid password.
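The login query above rebuilt with bound parameters, as an added example that is not from the original page: it runs the same `' OR ''='` input through a concatenated query and through a PDO prepared statement. It assumes the pdo_sqlite extension and a constructed in-memory users table, because the mysql_* functions used above were removed in PHP 7.0; the function names login_concat and login_prepared are hypothetical.

```php
<?php
// Added example: constructed in-memory table mirroring the page's users query.
// Assumes the pdo_sqlite extension; all names and values here are sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (user TEXT, password TEXT)");
$db->exec("INSERT INTO users VALUES ('john', 'secret')");

// Vulnerable: the request values are pasted into the SQL text, as on the page.
function login_concat(PDO $db, string $user, string $pwd): bool
{
    $sql = "SELECT * FROM users WHERE user='$user' AND password='$pwd'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened: placeholders keep the values out of the SQL text entirely,
// so no escaping function (and no magic_quotes setting) is involved.
function login_prepared(PDO $db, string $user, string $pwd): bool
{
    $stmt = $db->prepare(
        'SELECT * FROM users WHERE user = :user AND password = :pwd'
    );
    $stmt->execute([':user' => $user, ':pwd' => $pwd]);
    return $stmt->fetch() !== false;
}

// Constructed inputs: a valid login, a wrong password, the page's input,
// and a name containing a quote (the O'Reilly case from the page).
$cases = [
    'correct password' => ['john', 'secret'],
    'wrong password'   => ['john', 'guess'],
    'page payload'     => ['john', "' OR ''='"],
    'name with quote'  => ["O'Reilly", 'x'],
];

foreach ($cases as $label => [$user, $pwd]) {
    try {
        $concat = login_concat($db, $user, $pwd) ? 'login' : 'reject';
    } catch (PDOException $e) {
        $concat = 'SQL error';   // an unescaped ' breaks the statement
    }
    $prepared = login_prepared($db, $user, $pwd) ? 'login' : 'reject';
    printf("%-17s concat=%-9s prepared=%s\n", $label, $concat, $prepared);
}
```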
addslashes()
Definition: The addslashes() function adds a backslash before the specified predefined characters.
Syntax: addslashes(string)
Note: By default, the PHP directive magic_quotes_gpc is on, and addslashes() is run automatically on all GET, POST, and COOKIE data. Do not use addslashes() on a string that has already been escaped by magic_quotes_gpc, because this results in double escaping. You can use the function get_magic_quotes_gpc() to check for this situation.
Because the example code is too long, a link to the function reference is given instead.
Related functions
<?php
$str = "Is your name O'Reilly?";
// Outputs: Is your name O\'Reilly?
echo addslashes($str);
?>
stripslashes(): removes backslash characters
The stripslashes() function removes the backslashes that were added by the addslashes() function.
Syntax
stripslashes(string)
<?php
// Outputs: Who's John Adams
echo stripslashes("Who\'s John Adams");
?>