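// Undo magic-quotes slashes before escaping; otherwise the value ends up escaped twice.
// get_magic_quotes_gpc() was removed in PHP 8.0, so call it only where it still exists.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $theValue = stripslashes($theValue);
}

// Escaping is only valid for a value placed inside a quoted SQL string literal; it does
// not protect numeric or identifier positions. Bound parameters (PDO / mysqli prepared
// statements) remove the need for this step and are the modern replacement for it.
if (function_exists('mysql_real_escape_string')) {
    // Charset-aware: uses the current ext/mysql connection (ext/mysql was removed in PHP 7.0).
    $theValue = mysql_real_escape_string($theValue);
} elseif (function_exists('mysql_escape_string')) {
    // Legacy fallback: ignores the connection character set, so its output is not
    // reliable with multibyte connection encodings.
    $theValue = mysql_escape_string($theValue);
} else {
    // Fail closed with a clear message instead of a fatal "undefined function" error,
    // and never pass the value on unescaped.
    throw new \RuntimeException('No MySQL escaping function available; use prepared statements.');
}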
http://tw.php.net/htmlspecialchars
// Encodes &, <, > and, because of ENT_QUOTES, both " and ' for HTML output, treating the input as UTF-8.
// The encoded string is the return value ($string itself is not modified), so echo or assign the result.
// This is output encoding for the HTML context; it is not a substitute for SQL escaping or bound parameters.
htmlspecialchars($string,ENT_QUOTES,"UTF-8");