//php过虑禁用字符,入数据库前(php代码函数) function safe_str($str){ $array=array('receive.php','select','insert','update','delete','union','into','load_file','outfile'); if(!is_array($str)){ foreach($array as $v){ $str=preg_replace(#({$v})#i,-\\$小贝-,$str); } //$str=preg_replace(![][xx]([a-fa-f0-9])!,x \\$小贝,$str); $str=str_replace(',''',$str); $str=str_replace('','',$str); $str=str_replace(--,'-',$str); $str=str_replace(\\*,'\\-*',$str); $str=str_replace(\\\\,'monxin_backslash',$str); $r=$str; }else{ $r=array(); foreach($str as $key=>$value){ //$key=safe_str($key); $r[$key]=safe_str($value); } } return $r;}
复制代码
php
