php自带的几个防止sql注入的函数http://www.php100.com/html/webkaifa/PHP/PHPyingyong/2013/0318/12234.html
addslashes不能完全防sql注入,用mysql_real_escape_string;strip_tags过滤html、xml标签;httpspecialchars_decode
addslashes不能完全防sql注入,用mysql_real_escape_string;strip_tags过滤html、xml标签;httpspecialchars_decode
转载于:https://www.cnblogs.com/lyFocus/p/6267286.html