PHP provides functions that automatically add or remove escape characters in strings, which is quite useful in SQL statements:
<?php
$title = "Bill's brother";
$query = "select * from articles where title ='".$title."'";
echo $query."<br>";
// Escape the special characters for the SQL query
$title = addslashes($title);
$query = "select * from articles where title ='".$title."'";
echo $query."<br>";
// Remove the escaping from title
$title = stripslashes($title);
$query = "select * from articles where title ='".$title."'";
echo $query."<br>";
echo "<br><hr><br>";
// Equivalent result using addcslashes(), escaping only the single quote
$title = addcslashes($title,"'");
$query = "select * from articles where title ='".$title."'";
echo $query."<br>";
$str = "money";
// Prefix every lowercase letter (a..z) with \
$str = addcslashes($str, "a..z");
echo "$str"."<br>";
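
An added example, not part of the original page: addslashes() applies one fixed backslash rule and does not know the target database's quoting syntax, so the code below runs the page's "Bill's brother" value against SQLite (which escapes a quote by doubling it) both ways, concatenated with addslashes() and as a bound PDO parameter. The pdo_sqlite extension, the in-memory articles table and its rows are assumptions constructed for this example.

```php
<?php
// Added example (not from the original page). Assumes the pdo_sqlite extension;
// the in-memory table and its rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)");

$insert = $pdo->prepare("INSERT INTO articles (title) VALUES (:title)");
foreach (["Bill's brother", "Plain title"] as $t) {
    $insert->execute([':title' => $t]);
}

$title = "Bill's brother";

// 1. String concatenation with addslashes(): SQLite escapes a quote as ''
//    and treats \ as an ordinary character, so the string literal ends early
//    and the statement fails to parse.
$escaped = addslashes($title);
$sql = "SELECT id, title FROM articles WHERE title = '" . $escaped . "'";
try {
    $pdo->query($sql);
    echo "addslashes query ran\n";
} catch (PDOException $e) {
    echo "addslashes query failed: " . $e->getMessage() . "\n";
}

// 2. Bound parameter: the value is sent separately from the SQL text, so no
//    escaping function is involved and the matching row is found.
$stmt = $pdo->prepare("SELECT id, title FROM articles WHERE title = :title");
$stmt->execute([':title' => $title]);
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo count($rows) . " row(s) matched: " . $rows[0]['title'] . "\n";
```

The first query raises a PDOException because the backslash is not an escape character in SQLite; the second returns the single "Bill's brother" row.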