问题描述

我用这个:

function safeClean($n)
{
    $n = trim($n);

    if(get_magic_quotes_gpc())
    {
        $n = stripslashes($n);
    } 

    $n = mysql_escape_string($n);
    $n = htmlentities($n);

    return $n;
}

防止任何类型的MySQL注入或类似的东西.每当我用它来包裹$ _POST这样的时候:

To prevent any type of MySQL injection or anything like that. Whenever I use it to wrap around $_POST like this:

$username = safeClean($_POST['user']);
$password = md5(safeClean($_POST['password']));
$vpassword = md5(safeClean($_POST['verify']));
$email = safeClean($_POST['email']);

它甚至不起作用，但是我已经附加了functions.php，并且目录是正确的，但是根本不起作用，因为它只显示一个空白页...如果我从每个$ _POST中删除safeClean()，可以.

It doesn't even work, but I have attached functions.php and the directory is correct but doesn't work at all because it just shows a blank page... If I remove the safeClean() from each $_POST it works.

这怎么根本不起作用?

推荐答案

尝试使用mysql_real_escape_string()而不是mysql_escape_string().

这篇关于清除输入值的函数PHP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！