我用这个:functionsafeClean($n){$n=trim($n);if(get_magic_quotes_gpc()){$n=stripslashes($n);}$n=mysql_escape_string($n);$n=htmlentities($n);return$n;}防止任何类型的MySQL注入(inject)或类似的东西。每当我用它像这样环绕$_POST时:$username=safeClean($_POST['user']);$password=md5(safeClean($_POST['password']));$vpassword=md5(safeClean
