本文介绍了清除输入值的函数PHP的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我用这个:
function safeClean($n)
{
$n = trim($n);
if(get_magic_quotes_gpc())
{
$n = stripslashes($n);
}
$n = mysql_escape_string($n);
$n = htmlentities($n);
return $n;
}
防止任何类型的MySQL注入或类似的东西.每当我用它来包裹$ _POST这样的时候:
To prevent any type of MySQL injection or anything like that. Whenever I use it to wrap around $_POST like this:
$username = safeClean($_POST['user']);
$password = md5(safeClean($_POST['password']));
$vpassword = md5(safeClean($_POST['verify']));
$email = safeClean($_POST['email']);
它甚至不起作用,但是我已经附加了functions.php,并且目录是正确的,但是根本不起作用,因为它只显示一个空白页...如果我从每个$ _POST中删除safeClean(),可以.
It doesn't even work, but I have attached functions.php and the directory is correct but doesn't work at all because it just shows a blank page... If I remove the safeClean() from each $_POST it works.
这怎么根本不起作用?
推荐答案
尝试使用mysql_real_escape_string()
而不是mysql_escape_string()
.
这篇关于清除输入值的函数PHP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!