这是设置函数检查空格,特殊字符并删除它们的正确方法吗?
function sanitizeData($data)
{
$data = htmlspecialchars($data);
$data = stripslashes($data);
$data = trim($data);
return $data;
}
这是应用该功能的正确方法吗?
$complex = sanitizeData($_POST['complex']);
答案 0 :(得分:-1)
这是PHP的简单方法,如果你进入它,还有面向对象的方式。
$link = mysqli_connect("localhost", "my_user", "my_password", "world");
$city = "'s Hertogenbosch"; //your input string.
$city = mysqli_real_escape_string($link, $city);
mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")
修复复制和粘贴:
$link = mysqli_connect("localhost", "my_user", "my_password", "world");
function sanitized($variable){
$variable = mysqli_real_escape_string($link, $variable);
} //variables have been sanitized!
mysqli_query($link, "INSERT into myCity (Name) VALUES ('$city')")
你可以为$ _POST或$ _GET数组中的每个值循环,然后只应用该函数。对不起有很多编辑,在php端有点生锈。