The right way to prevent database attacks

<?PHPfunctionCheck_input ($value){//slash slash removalif(GET_MAGIC_QUOTES_GPC())  {  $value=stripslashes($value); }//if it's not a number, enclose it .if(!Is_numeric($value))  {  $value= "'".mysql_real_escape_string($value) . "‘"; }return $value;}$con=mysql_connect("localhost", "Hello", "321");if(!$con)  {   die(' Could not connect: '.Mysql_error()); }//Make secure SQL$user= Check_input ($_post[' User ']);$pwd= Check_input ($_post[' pwd ']);$sql= "SELECT * from users whereuser=$userand password=$pwd";mysql_query($sql);Mysql_close($con);?>

GET_MAGIC_QOUTES_GPC ():

When Magic_quotes_gpc=on, the function GET_MAGIC_QUOTES_GPC () returns 1

When Magic_quotes_gpc=off, the function get_magic_quotes_gpc () returns 0

The role of the MAGIC_QUOTES_GPC function in PHP is to determine the data that resolves user prompts, such as the following: Post, get, and cookie data to increase the escape character "\" to ensure that the data does not quote the program, especially the database language . Fatal error due to contamination caused by special characters.

Stripslashes (): Remove GET_MAGIC_QOUTES_GPC () escape.

The mysql_real_escape_string () function escapes special characters in strings used in SQL statements.

The following characters are affected:

• \x00
• \ n
• \ r
• \
• ‘
• "
• \x1a

The right way to prevent database attacks