把一些预定义的字符转换为 HTML 实体以及在预定义字符前加上反斜杠,包括 单引号、双引号、反斜杠、NULL,以保护数据库安全.实例代码如下:
- function d_htmlspecialchars($string) {
- if(is_array($string)) {
- foreach($string as $key => $val) {
- $string[$key] = d_htmlspecialchars($val);
- }
- } else {
- $string = str_replace('&', '&', $string);
- $string = str_replace('"', '"', $string);
- $string = str_replace(''', ''', $string);
- $string = str_replace('<', '<', $string);
- $string = str_replace('>', '>', $string);
- $string = preg_replace('/&(#d;)/', '&1', $string);
- }
- return $string;
- }
-
-
-
- function d_addslashes($string, $force = 0) {
- if(!$globals['magic_quotes_gpc'] || $force) {
- if(is_array($string)) {
- foreach($string as $key => $val) $string[$key] = d_addslashes($val, $force);
- }
- else $string = addslashes($string);
- }
- return $string;
- }
|
