更好的方法是
您可以使用下面的功能,但我/我们建议您不要使用该功能,因为MysqL_*
现在该功能已由社区维护和更新。
仅出于您的知识
$id = MysqL_prep($_POST['id']);
function MysqL_prep($value)
{
$magic_quotes_active = get_magic_quotes_gpc();
$new_enough_PHP = function_exists("MysqL_real_escape_string"); // i.e. PHP >= v4.3.0
if ($new_enough_PHP) { // PHP v4.3.0 or higher
// undo any magic quote effects so MysqL_real_escape_string can do the work
if ($magic_quotes_active) {
$value = stripslashes($value);
}
$value = MysqL_real_escape_string($value);
} else { // before PHP v4.3.0
// if magic quotes aren't already on then add slashes manually
if (!$magic_quotes_active) {
$value = addslashes($value);
}
// if magic quotes are active, then the slashes already exist
}
return $value ;
}