更新时间:2022-11-27 13:23:14
更好的方法是
您可以使用下面的功能,但我/我们建议您不要使用该功能,因为 mysql _ *
现在已由社区维护和更新。
you can use the function below but i/we recommended you to not use function since the mysql_*
now anymore maintained and updating by community .
仅出于您的了解
$id = mysql_prep($_POST['id']);
function mysql_prep($value)
{
$magic_quotes_active = get_magic_quotes_gpc();
$new_enough_php = function_exists("mysql_real_escape_string"); // i.e. PHP >= v4.3.0
if ($new_enough_php) { // PHP v4.3.0 or higher
// undo any magic quote effects so mysql_real_escape_string can do the work
if ($magic_quotes_active) {
$value = stripslashes($value);
}
$value = mysql_real_escape_string($value);
} else { // before PHP v4.3.0
// if magic quotes aren't already on then add slashes manually
if (!$magic_quotes_active) {
$value = addslashes($value);
}
// if magic quotes are active, then the slashes already exist
}
return $value ;
}
好读