<?php
function check_input($value)
{
    // Remove the slashes that magic quotes added
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    // If it's not a number, escape it and enclose it in quotes
    if (!is_numeric($value)) {
        $value = "'" . mysql_real_escape_string($value) . "'";
    }
    return $value;
}

$con = mysql_connect("localhost", "Hello", "321");
if (!$con) {
    die('Could not connect: ' . mysql_error());
}

// Build the SQL from the checked values
$user = check_input($_POST['user']);
$pwd = check_input($_POST['pwd']);
$sql = "SELECT * FROM users WHERE user=$user AND password=$pwd";
mysql_query($sql);

mysql_close($con);
?>
get_magic_quotes_gpc():
When magic_quotes_gpc=on, the function get_magic_quotes_gpc() returns 1
When magic_quotes_gpc=off, the function get_magic_quotes_gpc() returns 0
When magic_quotes_gpc is enabled, PHP processes incoming user data, such as POST, GET and cookie data, by adding the escape character "\" before special characters, so that the data does not corrupt the program, especially database statements, and cause fatal errors.
stripslashes(): removes the escaping added by magic_quotes_gpc.
The mysql_real_escape_string() function escapes special characters in strings used in SQL statements.
The following characters are affected:
The right way to prevent database attacks
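The same login lookup written with bound parameters instead of per-value escaping, as an added example that is not part of the original page (the mysql_* functions used above were removed in PHP 7.0 and get_magic_quotes_gpc() in PHP 8.0). It assumes PDO with the SQLite driver, an in-memory database and constructed sample rows; open_demo_db and find_user are hypothetical names.

```php
<?php
// Added example: the page's login lookup with bound parameters (PDO).
// Assumptions: the pdo_sqlite driver is available; the database is in memory;
// table and column names follow the page's query; all rows are constructed.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (user TEXT PRIMARY KEY, password TEXT)');
    // Constructed rows. The plaintext password column only mirrors the page's query.
    $ins = $db->prepare('INSERT INTO users (user, password) VALUES (?, ?)');
    $ins->execute(["o'brien", 'pa"ss\\word']);
    $ins->execute(['42', '1e3']);
    return $db;
}

function find_user(PDO $db, string $user, string $pwd): ?array
{
    // The statement text is fixed. Values travel separately as parameters,
    // so nothing has to decide whether an input "looks numeric" or needs quotes.
    $stmt = $db->prepare(
        'SELECT user FROM users WHERE user = :user AND password = :pwd'
    );
    $stmt->execute([':user' => $user, ':pwd' => $pwd]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = open_demo_db();

// Quotes and backslashes in the input are compared literally, without escaping.
var_dump(find_user($db, "o'brien", 'pa"ss\\word') !== null);

// Numeric-looking input is still bound as a string, so the stored text '1e3'
// is compared as text against '1000' rather than as a number.
var_dump(find_user($db, '42', '1000') !== null);

// A wrong password for an existing user returns no row.
var_dump(find_user($db, "o'brien", 'wrong') !== null);
```

The second call covers the branch in check_input that leaves numeric values unquoted: with bound parameters that branch is not needed, and the comparison stays a string comparison.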