标签: php sql-injection
处理SQL注入的更好(更安全)方法是什么?
$var = filter_var($_POST['var'], FILTER_SANITIZE_STRING);
或
mysqli_real_escape_string($link, $_POST['var']);