php安全之直接用$获取值而不$_GET 字符转义 |
|
本文标签:字符转义 复制代码 代码如下: <? function my_addslashes($string, $force = 0) { !defined(MAGIC_QUOTES_GPC) && define(MAGIC_QUOTES_GPC, get_magic_quotes_gpc()); if(!MAGIC_QUOTES_GPC || $force) { if(is_array($string)) { foreach($string as $key => $val) { $string[$key] = my_addslashes($val, $force); } } else { $string = addslashes($string); } } return $string; } foreach(array(_COOKIE, _POST, _GET) as $_request) { foreach($$_request as $_key => $_value) { $_key{0} != _ && $$_key = my_addslashes($_value); } } echo $urls; ?> |
