A simple method to implement sql anti-injection in php, phpsql anti-injection_PHP tutorial

php simple method to implement sql anti-injection, phpsql anti-injection

This article describes the simple method of php to implement sql anti-injection. Share it with everyone for your reference, the details are as follows:

There is not much filtering here, mainly for the combination of php and mysql.

For general injection prevention, just use PHP’s addslashes function.

The following is a copied code:

PHP code:

$_POST = sql_injection($_POST);
$_GET = sql_injection($_GET);
function sql_injection($content)
{
if (!get_magic_quotes_gpc()) {
if (is_array($content)) {
foreach ($content as $key=>$value) {
$content[$key] = addslashes($value);
}
} else {
addslashes($content);
}
}
return $content;
}

If you want to build a system, you can use the following code, which is also copied.

PHP code:

function inject_check($sql_str) {
 return eregi('select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile', $sql_str);  // 进行过滤
}
function verify_id($id=null) {
 if (!$id) { exit('没有提交参数！'); }  // 是否为空判断
 elseif (inject_check($id)) { exit('提交的参数非法！'); }  // 注射判断
 elseif (!is_numeric($id)) { exit('提交的参数非法！'); }  // 数字判断
 $id = intval($id);  // 整型化
 return $id;
}
function str_check( $str ) {
 if (!get_magic_quotes_gpc()) {  // 判断magic_quotes_gpc是否打开
  $str = addslashes($str);  // 进行过滤
 }
 $str = str_replace("_", "\_", $str);  // 把 '_'过滤掉
 $str = str_replace("%", "\%", $str);  // 把 '%'过滤掉
 return $str;
}
function post_check($post) {
 if (!get_magic_quotes_gpc()) {  // 判断magic_quotes_gpc是否为打开
  $post = addslashes($post);  // 进行magic_quotes_gpc没有打开的情况对提交数据的过滤
 }
 $post = str_replace("_", "\_", $post);  // 把 '_'过滤掉
 $post = str_replace("%", "\%", $post);  // 把 '%'过滤掉
 $post = nl2br($post);  // 回车转换
 $post = htmlspecialchars($post);  // html标记转换
 return $post;
}

Readers who are interested in more PHP related content can check out the special topics of this site: "php programming security tutorial", "php security filtering skills summary", PHP operations and operator usage summary", PHP network programming skills Summary", "Introduction Tutorial on PHP Basic Syntax", "Summary of PHP Office Document Operation Skills (Including Word, Excel, Access, PPT)", "Introduction Tutorial on PHP Object-Oriented Programming", "Summary of PHP String Usage" , "Introduction Tutorial on PHP MySQL Database Operation" and "Summary of Common PHP Database Operation Skills"

I hope this article will be helpful to everyone in PHP programming.

http://www.bkjia.com/PHPjc/1122886.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/1122886.htmlTechArticlephp simple method to implement sql anti-injection, phpsql anti-injection This article describes the simple method of php to implement sql anti-injection . Share it with everyone for your reference, the details are as follows: There is not much here...