PHP SQL???????

???????????? ???????[ 2014/5/28 16:15:21 ] ????????SQL??? ??????????

????????????????ò???SQL???SQL Injection??????????ù?ASP????SQL???????б????????PHP???????????????????MYSQL4???μ?汾???????????????php.ini??? magic_quotes_gpc ?On ???
????????????????е? ' (??????)?? " (?????)?? (??б??) and ???????????????з?б?????????????SQL????????????鷳??
???????????“?鷳”????~??????ζ??PHP????SQL??????н??????????????????????????????????????罫SQL?????? ASCII?????????char(100??58??92??108??111??99??97??108??104??111??115??116…)??????????????????? 16?????????????????????????????????????????????????????????????????
????a?? ??magic_quotes_gpc?????addslashes()????
???????°汾??PHP?У???magic_quotes_gpc??????????addslashes()????????????г??????????????????汾?????????????????????????magic_quotes_gpc?????????????????????￡?
????PHP????SQL???????

//?????????

function stripslashes_array($array){

if (is_array($array)) {

foreach ($array as $k => $v) {

$array[$k] = stripslashes_array($v);

}

} else if (is_string($array)) {

$array = stripslashes($array);

}

return $array;

}

$_POST = array_map('stripslashes_deep'?? $_POST);

???????magic_quotes_gpc?????????????addslashes?????????????￡?
????PHP????SQL???????
????$keywords = addslashes($keywords);
????$keywords = str_replace("_"??"\_"??$keywords);//????”_”
????$keywords = str_replace("%"??"\%"??$keywords);//????”%”
??????????str_replace?滻????????????????SQL??????й?????

????1 2 ????

???????????????????????漰???????????????????SPASVOС??(021-61079698-8054)?????????????????????????