//PHP过虑禁用字符,入数据库前(PHP代码函数)//代码来源:Monxin ./config/functions.php function safe_str($str){ $array=array('receive.php','select','insert','update','delete','union','into','load_file','outfile'); if(!
//PHP过虑禁用字符,入数据库前(PHP代码函数)
//代码来源:Monxin ./config/functions.php
function safe_str($str){
$array=array('receive.php','select','insert','update','delete','union','into','load_file','outfile');
if(!is_array($str)){
foreach($array as $v){
$str=preg_replace("#({$v})#i","-\\${1}-",$str);
}
//$str=preg_replace("![][xX]([A-Fa-f0-9])!","x \\${1}",$str);
$str=str_replace("'",''',$str);
$str=str_replace('"','"',$str);
$str=str_replace("--",'-',$str);
$str=str_replace("\\*",'\\-*',$str);
$str=str_replace("\\\\",'monxin_backslash',$str);
$r=$str;
}else{
$r=array();
foreach($str as $key=>$value){
//$key=safe_str($key);
$r[$key]=safe_str($value);
}
}
return $r;
}