替换掉sql关键字,进行处理
// sql参数过滤 function sqlCheck($paramater){ $arr = array(); foreach($paramater as $k=>$v){ if(is_array($v)){ foreach($v as $u){ $arr[$k][] = $u; } }else{ $arr[$k] = sprintf("%s",preg_replace('/\b(=|<|>|and|or|;|where|from|not|HAVING|select)\b/im','',$v)); } } return $arr; } $_GET = sqlCheck(&$_GET); $_POST = sqlCheck(&$_POST); $_REQUEST = sqlCheck(&$_REQUEST);