我有防止sql注入(inject)的功能 是一个优秀的功能,确实起到了防止攻击的作用,但是 开始显示字符问题
这个词是“controle de finanças” 在 var_dump 中,我看到字符串 (31) "controle de finanças"
我正在尝试一些方法但失败了 2 天请帮助我
function Anti_Sql_Injection($string){
if(ini_get('magic_quotes_gpc') == 'off'){
$string = addslashes($string);
}
$string = htmlentities($string, ENT_QUOTES);
$codes = array("script","java","applet","iframe","meta","object","html","CONCAT","CHAR","FLOOR","RAND", "<", ">", ";", "'","%");
$string = str_replace($codes,"",$string);
return $string;
}
最佳答案
试试这个;
function Anti_Sql_Injection($string){
if(ini_get('magic_quotes_gpc') == 'off') {
$string = addslashes($string);
}
$string = htmlspecialchars($string, ENT_QUOTES,"UTF-8");
$codes = array("script","java","applet","iframe","meta","object","html","CONCAT","CHAR","FLOOR","RAND", "<", ">", ";", "'","%");
$string = str_replace($codes,"",$string);
return $string;
}
我也想告诉你 PDO .它通过准备好的语句内置了 SQL 注入(inject)。查看this从 PDO 开始的教程。我知道它有点旧,但仍然有效并且解释得很好。
关于php - 防止 XSS 攻击并正确编码字符,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30116730/