Can this prevent injection?
<?php
function defend_xss($val) {
    // HTML-encodes < > & " so the value can be echoed into a page;
    // this is output encoding, not an SQL escape.
    return is_array($val) ? $val : htmlspecialchars($val);
}

// Fetch $name from $_GET / $_POST / $_COOKIE, trying the sources in the
// order given by $w; $d_xss decides whether the value goes through defend_xss().
function GPC($name, $w = 'GPC', $default = '', $d_xss = 1) {
    global $curr_script;
    if ($curr_script == 'admincp') {
        $d_xss = 0;   // admin pages get the raw, unencoded value
    }
    for ($i = 0; $i < strlen($w); $i++) {
        if ($w[$i] == 'G' && isset($_GET[$name]))    return $d_xss ? defend_xss($_GET[$name])    : $_GET[$name];
        if ($w[$i] == 'P' && isset($_POST[$name]))   return $d_xss ? defend_xss($_POST[$name])   : $_POST[$name];
        if ($w[$i] == 'C' && isset($_COOKIE[$name])) return $d_xss ? defend_xss($_COOKIE[$name]) : $_COOKIE[$name];
    }
    return $default;
}

$test   = GPC('test', 'P', '');
$userid = @$db->result_first("SELECT userid FROM user WHERE username='$test'");
// ... the rest of the code is omitted
?>
Can this prevent injection?
------Solution--------------------
No!
You do not handle special characters such as ' at all.
------Solution--------------------
For single quotes and the like, you could consider using the escaping functions MySQL itself provides.
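The two answers above say the same thing from two sides: htmlspecialchars() leaves the single quote alone, so the query is injectable, and the fix has to happen at the SQL layer. The following is an added example written for this page, not code from the poster or from either answer. It reproduces the poster's filter and query against an in-memory SQLite database through PDO (chosen so it runs offline; the assumed table and rows are constructed here) and then shows the hardened version as a prepared statement. One caveat a practitioner should know: from PHP 8.1 the default flags of htmlspecialchars() do encode the single quote as &#039;, so the example passes ENT_COMPAT explicitly to match what the poster's code did on the PHP of the time.

```php
<?php
// Added example, not the poster's code. Uses PDO + SQLite (in memory) so it
// runs without a MySQL server; the prepared-statement fix is identical for MySQL.

// The poster's filter with the pre-8.1 default flags spelled out:
// ENT_COMPAT encodes < > & " only, so ' passes through unchanged.
function defend_xss_compat($val) {
    return is_array($val) ? $val : htmlspecialchars($val, ENT_COMPAT, 'UTF-8');
}

// Constructed schema and sample rows for the demonstration.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (userid INTEGER PRIMARY KEY, username TEXT)');
    $db->exec("INSERT INTO user (userid, username) VALUES (1, 'alice'), (2, 'bob')");
    return $db;
}

// The original lookup: the "filtered" value is interpolated straight into SQL.
function lookup_vulnerable(PDO $db, string $input): array {
    $test = defend_xss_compat($input);
    $sql  = "SELECT userid FROM user WHERE username='$test'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// The fix: a prepared statement. The value is bound as data and can never
// change the shape of the query, whatever characters it contains.
function lookup_safe(PDO $db, string $input): array {
    $stmt = $db->prepare('SELECT userid FROM user WHERE username = ?');
    $stmt->execute([$input]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = make_db();

// Constructed attack input: the quote closes the string literal, and the
// OR makes the WHERE clause true for every row.
$payload = "' OR '1'='1";

echo "after htmlspecialchars(): ", defend_xss_compat($payload), "\n";

$rows = lookup_vulnerable($db, $payload);
echo "string-built query matched ", count($rows), " user(s): ", implode(',', $rows), "\n";

$rows = lookup_safe($db, $payload);
echo "prepared statement matched ", count($rows), " user(s)\n";

// Note: input with no quote at all is not "safe" either. A lookup such as
// WHERE userid=$id has no string literal to close, so 1 OR 1=1 injects
// without any special character; binding parameters covers that case too.
```

Running this, the string-built query returns both sample users because the payload turns the WHERE clause into `username='' OR '1'='1'`, while the prepared statement returns none, since it compares the whole payload literally against the username column. If you are stuck with string-built queries against MySQL, the escaping function the second answer refers to (mysqli_real_escape_string(), with the connection charset set) does escape the quote, but it only protects values placed inside quoted string literals; prepared statements are the fix that does not depend on where the value lands.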