error_reporting(0);//关闭错误报告
header("Content-Type: text/html; charset=utf8");
提交数据特殊字符检测
$ArrFiltrate=array("union","select","and","update","delect","join","exec","=","<",">","declare","|","\*","%","/","'","!","\?","&","count","chr","declare","#");
function FunStringExist($StrFiltrate, $ArrFiltrate) {
foreach ( $ArrFiltrate as $key => $value ) {
if (substr_count(strtolower($value), strtolower($StrFiltrate) )) {
return true;
}
}
return false;
}
if (function_exists ( array_merge )) {
$ArrPostAndGet = array_merge ( $_POST, $_GET );
} else {
foreach ( ( array ) $_POST as $key => $value ) {
$ArrPostAndGet [] = $value;
}
foreach ( ( array ) $_GET as $key => $value ) {
$ArrPostAndGet [] = $value;
}
}
foreach ( $ArrPostAndGet as $key => $value ) {
if (FunStringExist ( $value, $ArrFiltrate )) {
echo "<script language=javascript>alert('请不要带有特殊字符!');</script>";
exit ();
}
}
数据库连接
$dbserver="localhost";//
$dbuser="数据库账号";
$dbname="数据库";
$dbpass="密码";
$link = mysql_connect($dbserver,$dbuser,$dbpass);
if (!$link) {
die(mysql_error());
}
mysql_select_db($dbname);
mysql_query("set names utf8");