//防止sql攻击,对关键字进行过滤
$key =
addslashes($key);
//在单引号、双引号字符前添加反斜杠
$key =
str_replace('%','\%',$key);
//替换字符串
$key = str_replace('_','\_',$key);
//常用于like语句模糊搜索功能
$sql = "select * from users where username like '%$key%'";