Php 在url中插入pdo getting\
我正在尝试通过tinymce插入html 例如:Php 在url中插入pdo getting\,php,pdo,sql-insert,backslash,Php,Pdo,Sql Insert,Backslash,我正在尝试通过tinymce插入html 例如: <img title="q" src="../kcfinder/upload/image/3b5330574c883fe1040eaddeb596ea20.jpg" alt="q" width="640" height="480" /> 我试过用stru替换,但没用。 有人知道如何删除\ 解决方案: if (get_magic_quotes_gpc()) { $process = array(&$_GET, &$
<img title="q" src="../kcfinder/upload/image/3b5330574c883fe1040eaddeb596ea20.jpg" alt="q" width="640" height="480" />
if (get_magic_quotes_gpc()) {
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
while (list($key, $val) = each($process)) {
foreach ($val as $k => $v) {
unset($process[$key][$k]);
if (is_array($v)) {
$process[$key][stripslashes($k)] = $v;
$process[] = &$process[$key][stripslashes($k)];
} else {
$process[$key][stripslashes($k)] = stripslashes($v);
}
}
}
unset($process);
}
这不是PDO,而是一些您自己的代码
它要么是某种“消毒”功能。你必须摆脱它们中的任何一个。你的代码可能容易受到SQL注入的攻击,我知道,你的意思是剥去标签并修剪?它们都不会增加slashes@YourCommonSense我认为用bindValue准备好的语句就足够了?@Bas参考(在底部)-有一个更安全的查询解决方案
$data = array_slice($data1, 0, -1);
foreach ($data as $column => $value) {
$ins[] = ':' . $column;
}
$ins = implode(',', $ins);
$fields = implode(',', array_keys($data));
$sql = "insert into $this->tableName ($fields) values ($ins)";
$sth = $this->connection->getConnection()->prepare($sql);
foreach ($data as $f => $v) {
$sth->bindValue(':' . $f, $v);
}
return $sth->execute();
if (get_magic_quotes_gpc()) {
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
while (list($key, $val) = each($process)) {
foreach ($val as $k => $v) {
unset($process[$key][$k]);
if (is_array($v)) {
$process[$key][stripslashes($k)] = $v;
$process[] = &$process[$key][stripslashes($k)];
} else {
$process[$key][stripslashes($k)] = stripslashes($v);
}
}
}
unset($process);
}