SQL injection (SQLi) is a common technique for attacking websites. The code below can help you guard against SQL injection.
Usage:
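```php
<?php
// Recursively HTML-encode a string, or every value of a (possibly nested) array.
function clean($input)
{
    if (is_array($input))
    {
        $output = array(); // initialise so an empty array returns array(), not null
        foreach ($input as $key => $val)
        {
            $output[$key] = clean($val);
            // inside a class, call the method instead:
            // $output[$key] = $this->clean($val);
        }
    }
    else
    {
        $output = (string) $input;
        // if magic quotes is on then use strip slashes
        // (get_magic_quotes_gpc() was removed in PHP 8.0, so check that it exists first)
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
        {
            $output = stripslashes($output);
        }
        // $output = strip_tags($output);
        // encode <, >, &, " and ' as HTML entities
        $output = htmlentities($output, ENT_QUOTES, 'UTF-8');
    }
    // return the clean text
    return $output;
}

$text = "<script>alert(1)</script>";
$text = clean($text);
echo $text; // &lt;script&gt;alert(1)&lt;/script&gt;
```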
Source: http://www.phpxs.com/code/1002988/
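An added example, not code from the original page: the `htmlentities()` call in `clean()` is HTML output encoding, which protects pages that echo user input, while on the SQL side the standard defence is to bind values as query parameters. The sketch below puts each control in its own place; it assumes the `pdo_sqlite` extension, and the `comments` table and `h()` helper are hypothetical names.

```php
<?php
// Added example: requires pdo_sqlite; table, columns and h() are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed sample input, as it might arrive in $_POST.
$input = array(
    'author' => "O'Brien",
    'body'   => "<script>alert(1)</script>",
);

// SQL side: placeholders keep the values out of the SQL text, so quotes in
// the data cannot change the statement. Values are stored unmodified.
$insert = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
$insert->execute(array(':author' => $input['author'], ':body' => $input['body']));

$select = $pdo->prepare('SELECT author, body FROM comments WHERE author = :author');
$select->execute(array(':author' => $input['author']));
$row = $select->fetch(PDO::FETCH_ASSOC);

// The database holds the original value, so a lookup by the raw name matches.
// Had the name been HTML-encoded before storage, it would be saved as
// O&#039;Brien and this comparison would fail.
var_dump($row['author'] === $input['author']);

// HTML side: encode only at the point where data is written into a page.
function h($value)
{
    return htmlentities((string) $value, ENT_QUOTES, 'UTF-8');
}

echo '<p>', h($row['author']), ': ', h($row['body']), "</p>\n";
```

Encoding at output rather than at input keeps the stored data usable in non-HTML contexts such as JSON responses, e-mail or CSV exports.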