php函数get_magic_quotes_gpc 介绍:
- <?php
- // If magic quotes are enabled
- echo $_POST['lastname']; // O\'reilly
- echo addslashes($_POST['lastname']); // O\\\'reilly
- // Usage across all PHP versions
- if (get_magic_quotes_gpc()) {
- $lastname = stripslashes($_POST['lastname']);
- }
- else {
- $lastname = $_POST['lastname'];
- }
- // If using MySQL
- $lastname = mysql_real_escape_string($lastname);
- echo $lastname; // O\'reilly
- $sql = "INSERT INTO lastnames (lastname) VALUES ('$lastname')";
- ?>
php可以根据判断get_magic_quotes_gpc为真则开启了自动转换,否则需要手动addslashes
mysql的转换函数:mysql_real_escape_string
转载于:https://blog.51cto.com/superfly81/1112396