mysql_real_escape_string方法(注:mysql_* 扩展自 PHP 5.5 起废弃,并已在 PHP 7.0 中移除;新代码应改用 PDO 或 mysqli 的预处理语句与参数绑定)
http://www.w3school.com.cn/php/func_mysql_real_escape_string.asp
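/**
 * Filter the request: reject it when any request value contains a blocked token.
 *
 * Every value in $_REQUEST is lower-cased and searched for the tokens listed
 * below. Array-valued parameters are walked recursively so that nested values
 * are checked as well instead of being passed to strtolower() as an array.
 * On the first match the function prints an error message and terminates the
 * script; otherwise it returns normally.
 *
 * NOTE(security): this is a coarse keyword blocklist. Keywords are matched
 * only as substrings with a literal space on each side, legitimate text that
 * happens to contain them is rejected, and passing this check does not make
 * a string-built SQL statement safe. Treat it as defence in depth at most;
 * queries that use request data should be built with prepared statements and
 * bound parameters (PDO or mysqli).
 *
 * @return void
 */
function checkurl()
{
    // Blocked tokens. The surrounding spaces are part of the match.
    $words = array(
        " add ",
        " count ",
        " create ",
        " delete ",
        " drop ",
        " from ",
        " grant ",
        " insert ",
        " select ",
        " truncate ",
        " update ",
        " use ",
        "-- ",
    );

    // Explicit work list instead of recursion: each entry is an array whose
    // values still have to be inspected.
    $pending = array($_REQUEST);

    while (!empty($pending)) {
        $current = array_pop($pending);

        foreach ($current as $value) {
            if (is_array($value)) {
                // Parameters such as a[]=... arrive as arrays; queue them so
                // their contents are filtered too.
                $pending[] = $value;
                continue;
            }

            if (!is_scalar($value)) {
                // Nothing textual to inspect (null, objects).
                continue;
            }

            $haystack = strtolower((string) $value);

            foreach ($words as $word) {
                // strpos() !== false is an exact "contains" test and does not
                // depend on the truthiness of the matched substring.
                if (strpos($haystack, $word) !== false) {
                    echo "您输入的内容含有非法字符!";
                    exit;
                }
            }
        }
    }
}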
checkurl();// Abort the request here if any parameter contains a blocked SQL token
原文地址:http://www.cnblogs.com/lansetiankongblog/p/5435884.html