php函数库就是丰富..
<?php
function check_input($value)
{
// 去除斜杠if (get_magic_quotes_gpc())
{
$value =
stripslashes($value)
;
}
// 如果不是数字则加引号if (!is_numeric($value))
{
$value = "'" .
mysql_real_escape_string($value)
. "'";
}
return $value;
}
$con = mysql_connect("localhost", "hello", "321");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
// 进行安全的 SQL$user = check_input($_POST['user']);
$pwd = check_input($_POST['pwd']);
$sql = "SELECT * FROM users WHERE
user=$user AND password=$pwd";
mysql_query($sql);
mysql_close($con);
?>