????????????????ò???SQL???SQL Injection??????????ù?ASP????SQL???????б????????PHP???????????????????MYSQL4???μ?汾???????????????php.ini??? magic_quotes_gpc ?On ???
????????????????е? ' (??????)?? " (?????)?? (??б??) and ???????????????з?б?????????????SQL????????????鷳??
???????????“?鷳”????~??????ζ??PHP????SQL??????н??????????????????????????????????????罫SQL?????? ASCII?????????char(100??58??92??108??111??99??97??108??104??111??115??116…)??????????????????? 16?????????????????????????????????????????????????????????????????
????a?? ??magic_quotes_gpc?????addslashes()????
???????°汾??PHP?У???magic_quotes_gpc??????????addslashes()????????????г??????????????????汾?????????????????????????magic_quotes_gpc?????????????????????£?
????PHP????SQL???????

 

/**
 * Recursively remove backslash escaping from a value.
 *
 * Strings are passed through stripslashes(); arrays are walked element by
 * element (keys are kept as they are, nested arrays are handled recursively);
 * any other type is returned unchanged.
 *
 * This only reverses escaping that was already applied to the data (the
 * surrounding text discusses magic_quotes_gpc). It does not make a value safe
 * to place in an SQL statement.
 *
 * @param mixed $array A string, an array (possibly nested), or any other value.
 * @return mixed The same structure with backslash escaping removed from strings.
 */
function stripslashes_array($array)
{
    // Scalars first: only strings carry escaping that can be undone.
    if (is_string($array)) {
        return stripslashes($array);
    }
    if (!is_array($array)) {
        return $array;
    }

    // Rebuild the array in its original key order, cleaning each element.
    $cleaned = array();
    foreach ($array as $key => $value) {
        $cleaned[$key] = stripslashes_array($value);
    }
    return $cleaned;
}
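// Undo magic_quotes_gpc escaping on POST data, but only when the directive is
// actually enabled: stripping slashes from input that was never auto-escaped
// would silently delete legitimate backslashes. ini_get() returns false on PHP
// builds where the directive no longer exists, so the branch is skipped there.
// The original line passed 'stripslashes_deep' as the callback, a name this
// page never defines; the helper it defines is stripslashes_array(), which
// already recurses, so array_map() is not needed.
if (ini_get('magic_quotes_gpc')) {
    $_POST = stripslashes_array($_POST);
}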

???????magic_quotes_gpc?????????????addslashes?????????????£?
????PHP????SQL???????
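// addslashes() is byte-oriented and unaware of the connection character set, so
// treat it as legacy escaping only; a parameterized query (PDO or mysqli
// prepared statement) is the reliable way to keep $keywords out of SQL syntax.
$keywords = addslashes($keywords);
// Neutralize the LIKE wildcards so the search term matches literally: "_"
// matches any single character and "%" matches any run of characters.
$keywords = str_replace("_", "\_", $keywords); // escape "_"
$keywords = str_replace("%", "\%", $keywords); // escape "%"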
??????????str_replace?滻????????????????SQL??????й?????