php anti injection form submission value escape implementation details
- 2020-06-12 08:43:31
- OfStack
During development, we need to take care to prevent sql injection, so we can update the data to the database only if we process the values submitted from the form accordingly
php sweeping Forces function. Any value can be passed over for conversion
stripslashes () is used to remove backslashes
stripslashes() removes the backslash from addslashes() automatically
php sweeping Forces function. Any value can be passed over for conversion
function quotes($content)
{
// if magic_quotes_gpc=Off ", then start dealing with it
if (!get_magic_quotes_gpc()) {
// judge $content Is it an array
if (is_array($content)) {
// if $content It's an array, so we're going to handle each of those 1 A single no
foreach ($content as $key=>$value) {
$content[$key] = addslashes($value);
}
} else {
// if $content Not an array, so just handle it 1 time
addslashes($content);
}
} else {
// if magic_quotes_gpc=On , then do not deal with
}
// return $content
return $content;
stripslashes () is used to remove backslashes
stripslashes() removes the backslash from addslashes() automatically