[Share] is a practical method to process form parameters and URL parameters?

[Share] is a practical method to process form parameters and URL parameters? When you are processing many parameter submissions, you may encounter database queries, inserts, and other operations,
In this case, you need to escape or materialized
Phper beginners who are not familiar with security should write query statements in this way.

$sql="select * from demo where user='".$_POST['user']."'"";

There is a risk of SQL injection.
This is generally the case for experienced users to write query statements.

$sql="select * from demo where user='".addslashes($_POST['user'])."'"";

There is no problem with this writing, that is
1. not professional
2. there are too many statements, and each statement is written. this is cumbersome and may be omitted.

I will write this statement based on my current knowledge.

$sql="select * from demo where user='".$_POST['user']."'"";

But I am not a beginner,
I will add a sentence at the beginning of the form processing file,

$_POST=array_map("addslashes",$_POST);

Actual source code example

 ";var_dump($_POST);?>

Printed result

array(2) {  ["user"]=>  string(4) "demo"  ["content"]=>  string(18) "Hello,It\'s a book"}

Reply to discussion (solution)

Please call me alive Lei Feng

If the form has a control with the same name, $ _ POST = array_map ("addslashes", $ _ POST );
Right? Alive Lei Feng

If the form has a control with the same name, $ _ POST = array_map ("addslashes", $ _ POST );
Right? Alive Lei Feng

What is a form control with the same name?

The simplest answer is the check box.




Answer 1
Answer 2
Answer 3

Although the text control with the same name can be avoided
The check box cannot be avoided.

I tried it. sure enough, I don't have a week to think about it. I should pay attention to it later.

The simplest answer is the check box.




Answer 1
Answer 2
Answer 3

Although the text control with the same name can be avoided
The check box cannot be avoided.

Good living Lei Feng.

So write it like this.

$a = array(  'a' => "a'b",  'b' => array("C'd", 123));array_walk_recursive($a, function(&$v) { $v = addslashes($v); });print_r($a);

Array(    [a] => a\'b    [b] => Array        (            [0] => C\'d            [1] => 123        ))

?? The method is too good, before ??? Think.
?? Main share.

Decisively add to favorites

So write it like this.

$a = array(  'a' => "a'b",  'b' => array("C'd", 123));array_walk_recursive($a, function(&$v) { $v = addslashes($v); });print_r($a);

Array(    [a] => a\'b    [b] => Array        (            [0] => C\'d            [1] => 123        ))

An error is prompted when writing the code.

This fairy has not seen me for a long time. I really want to know how many people have downloaded and upgraded your elegant framework to what version... what kind of advanced javaScript works do I worship?

This fairy has not seen me for a long time. I really want to know how many people have downloaded and upgraded your elegant framework to what version... what kind of advanced javaScript works do I worship?

I am no longer persistent in the framework layer. I can see that there are people on the forum who are arguing about what framework is good or bad.
Js plug-ins can try, pop-up window http://tip.youyax.com/