Method 1:

mysql_real_escape_string: escapes special characters in a string for use in an SQL statement, taking into account the current character set of the connection.

$sql = "select count(*) as ctr from users where username='"
    . mysql_real_escape_string($username) . "' and password='"
    . mysql_real_escape_string($pw) . "' limit 1";

Method 2:

Enable magic_quotes_gpc to prevent SQL injection. php.ini contains the setting magic_quotes_gpc = Off, which is off by default. When it is turned on, PHP automatically escapes user-submitted input that ends up in SQL queries, for example converting ' to \', which plays an important role in preventing SQL injection.

If magic_quotes_gpc = Off, use the addslashes() function instead.

Method 3:

Custom function

/**
 * Reject values that contain blacklisted SQL keywords or path sequences.
 * author: xiaochuan
 * @param: mixed $value
 */
function check_param($value = null)
{
    # select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile
    $str = 'select|insert|and|or|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile';
    if (!$value) {
        exit('No arguments!');
    } elseif (eregi($str, $value)) {
        // eregi() is a case-insensitive POSIX regex match (PHP 5.x only, removed in PHP 7.0)
        exit('invalid!');
    }
    return true;
}

/**
 * Escape a value for use in a query, including the LIKE wildcards _ and %.
 */
function str_check($value)
{
    if (!get_magic_quotes_gpc()) {
        // Escape quotes manually when magic_quotes_gpc is off
        $value = addslashes($value);
    }
    $value = str_replace("_", "\_", $value);
    $value = str_replace("%", "\%", $value);
    return $value;
}

/**
 * Escape submitted text for storage and for later display as HTML.
 */
function post_check($value)
{
    if (!get_magic_quotes_gpc()) {
        $value = addslashes($value);
    }
    $value = str_replace("_", "\_", $value);
    $value = str_replace("%", "\%", $value);
    $value = nl2br($value);
    $value = htmlspecialchars($value);
    return $value;
}
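
All three methods above filter or escape input before it is concatenated into the SQL string. The following added example (not from the original article) performs Method 1's login check with PDO bound parameters instead, which also works on current PHP, where the mysql_* functions, magic_quotes_gpc and eregi() no longer exist. The in-memory SQLite database, the users table layout, the sample accounts and the check_login() helper are assumptions made for the example.

```php
<?php
// Added example, not from the original article. The in-memory SQLite
// database, table layout and sample rows are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With pdo_mysql, also set PDO::ATTR_EMULATE_PREPARES to false so the
// server, not the client library, binds the values.

$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO users (username, pw_hash) VALUES (:u, :h)');
foreach (["O'Brien" => 'correct horse', 'Anderson' => 'battery staple'] as $u => $p) {
    // Store only a salted hash, never the password itself.
    $insert->execute([':u' => $u, ':h' => password_hash($p, PASSWORD_DEFAULT)]);
}

/**
 * Hypothetical helper: true when the username exists and the password matches.
 * The SQL text is constant; user input only ever travels as a bound value.
 */
function check_login(PDO $pdo, string $username, string $pw): bool
{
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE username = :u LIMIT 1');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matched.
    return is_string($hash) && password_verify($pw, $hash);
}

// A quote in the name needs no escaping, and a name containing "and"/"or"
// is accepted, unlike with the keyword blacklist in check_param().
var_dump(check_login($pdo, "O'Brien", 'correct horse'));
var_dump(check_login($pdo, 'Anderson', 'battery staple'));
var_dump(check_login($pdo, 'Anderson', 'wrong'));
var_dump(check_login($pdo, 'nobody', 'correct horse'));
```

The first two calls succeed and the last two fail. The same two usernames would be rejected or altered by check_param() and addslashes(), because the name "Anderson" matches the "and" keyword and "O'Brien" contains a quote.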
