Function.php
/*Cleans an array to protect against injection attacks.*/
function f_clean($array) {
return array_map('mysqli_real_escape_string', $array);
}
process.php:用户插入数据的表单是清理SQL注入
/*This cleans our &_POST array to prevent against SQL injection attacks.*/
$_POST = f_clean($_POST);
答案 0 :(得分:0)
function f_clean($array) {
return array_map('mysqli::real_escape_string',$array);
}
程序样式mysqli_real_escape_string需要2个参数mysqli_real_escape_string(mysqli $ link,string $ escapestr),而面向对象的样式只需要1个mysqli :: real_escape_string(string $ escapestr)mysqli::real_escape_string
哦,我更喜欢在数据库选择/插入/更新之前立即转义我的数据,并且不要更新get / post / cookie全局数据,除非你有充分的理由