/************************************************ *SQL防注入函数 *@time 2014年6月24日18:50:59 * */ public function safe_replace($string){ $string = str_replace('%20','',$string); $string = str_replace('%27','',$string); $string = str_replace('%2527','',$string); $string = str_replace('*','',$string); $string = str_replace('"','"',$string); $string = str_replace("'",'',$string); $string = str_replace('"','',$string); $string = str_replace(';','',$string); $string = str_replace('<','<',$string); $string = str_replace('>','>',$string); $string = str_replace("{",'',$string); $string = str_replace('}','',$string); $string = str_replace("or","",$string); $string = str_replace("=","",$string); $string = str_replace("and","",$string); $string = str_replace("execute","",$string); $string = str_replace("update","",$string); $string = str_replace("count","",$string); $string = str_replace("chr","",$string); $string = str_replace("mid","",$string); $string = str_replace("master","",$string); $string = str_replace("truncate","",$string); $string = str_replace("char","",$string); $string = str_replace("declare","",$string); $string = str_replace("select","",$string); $string = str_replace("create","",$string); $string = str_replace("delete","",$string); $string = str_replace("insert","",$string); return $string; }