我对addslashes和stripslashes有问题 我添加了这样的数据:
$data['sender_name']= addslashes($_POST['sender_name']);
$data['sender_email']= $_POST['sender_email'];
$id=insert('delivery',$data);
function insert($table=NULL,$fields=NULL)
{
if($table && isset($table) && $fields && isset($fields))
{
$sql="INSERT INTO $table(";
foreach($fields as $key=>$value)
{
$sql.="$key,";
}
$sql=(substr($sql,0,strlen($sql)-1));
$sql.=") VALUES (";
foreach($fields as $key=>$value)
{
if(is_string($value))
$sql.="'".$value."',";
else
$sql.="$value,";
}
$sql=(substr($sql,0,strlen($sql)-1));
$sql.=")";
$flag=0;
self::openConnection();
mysql_query($sql,self::$connection);
$flag=mysql_insert_id();
self::closeConnection();
return $flag;
}
}
它在数据库中输入数据但没有添加斜杠 magic_quotes_gpc已关闭。
答案 0 :(得分:3)
而不是addslashes使用mysql_real_escape_string
http://php.net/manual/en/function.mysql-real-escape-string.php