I've seen dozens of PHP snippets like this:
function DB_Quote($string)
{
    // Undo the slashes magic_quotes_gpc added, then escape for MySQL.
    // Note: this strips slashes from EVERY value passed in, not only GPC input.
    if (get_magic_quotes_gpc() == true)
    {
        $string = stripslashes($string);
    }
    return mysql_real_escape_string($string);
}
What happens if I call DB_Quote("the (\\) character is cool");? (Thanks jspcal!)
Shouldn't we strip the slashes only when get_magic_quotes_gpc() == true AND the value originated from the $_GET, $_POST or $_COOKIE superglobals?
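The following is an added example, not code from the question or its answers. It shows the corruption the question asks about (a backslash in a string literal that never passed through magic_quotes_gpc is silently removed) and one way to confine the stripping to the GPC superglobals. It assumes a constant MAGIC_QUOTES_ON standing in for get_magic_quotes_gpc() (that function no longer exists in PHP 8), and a hypothetical escape() function standing in for mysql_real_escape_string() so the script runs without a database connection.

```php
<?php
// Added example (not from the original question). MAGIC_QUOTES_ON simulates
// get_magic_quotes_gpc() returning true; escape() is a stand-in for
// mysql_real_escape_string() so no MySQL connection is needed.
declare(strict_types=1);

const MAGIC_QUOTES_ON = true; // assumption: the legacy setting is "on"

// Stand-in for mysql_real_escape_string(): backslash-escapes the characters
// MySQL's string syntax treats specially.
function escape(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "'" => "\\'", "\"" => "\\\"", "\0" => "\\0",
        "\n" => "\\n", "\r" => "\\r", "\x1a" => "\\Z",
    ]);
}

// The pattern from the question: strips slashes from EVERY argument
// whenever magic quotes is on, whether or not the value came from GPC.
function DB_Quote_buggy(string $string): string
{
    if (MAGIC_QUOTES_ON) {
        $string = stripslashes($string);
    }
    return escape($string);
}

// Fixed quoting function: escape only. Undoing magic quotes is not its job.
function DB_Quote(string $string): string
{
    return escape($string);
}

// Undo magic_quotes_gpc exactly once, at request start, and only on the
// superglobals it actually modified ($_GET, $_POST, $_COOKIE), recursively.
function stripMagicQuotesFromGpc(): void
{
    if (!MAGIC_QUOTES_ON) {
        return;
    }
    $strip = function ($value) use (&$strip) {
        return is_array($value) ? array_map($strip, $value) : stripslashes((string) $value);
    };
    foreach (['_GET', '_POST', '_COOKIE'] as $name) {
        $GLOBALS[$name] = array_map($strip, $GLOBALS[$name]);
    }
}

// Constructed inputs for the demo.
$literal    = "the (\\) character is cool";  // program literal: one real backslash, never magic-quoted
$_GET['q']  = "O\\'Brien";                   // what magic_quotes_gpc would deliver for a submitted O'Brien

// 1. Buggy version corrupts the literal: the backslash is stripped away.
echo DB_Quote_buggy($literal), "\n";         // the () character is cool

// 2. Fixed version keeps it, escaped for MySQL (two backslashes in SQL text).
echo DB_Quote($literal), "\n";               // the (\\) character is cool

// 3. GPC value: without normalisation the fixed version double-escapes it...
echo DB_Quote($_GET['q']), "\n";             // O\\\'Brien  (MySQL would store O\'Brien)

// ...so normalise the superglobals once, then quote normally.
stripMagicQuotesFromGpc();
echo DB_Quote($_GET['q']), "\n";             // O\'Brien    (MySQL stores O'Brien)
```

Stripping once at request start, rather than inside the quoting function, keeps the two concerns apart: only values that magic_quotes_gpc touched are unescaped, and every value is then escaped exactly once on its way to the query. On any PHP still in use, the mysql_* extension is gone (removed in PHP 7.0) and magic quotes with it, so the escaping step itself should be a prepared statement (PDO or mysqli) rather than string escaping at all.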