
Several ways to prevent injection in php_PHP tutorial

WBOY, 2016-07-13 17:09:47


One approach is to filter common SQL keywords and symbols out of the input, such as:

select, insert, update, delete, and, *, etc.

Example:

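function inject_check($sql_str) {
    // Returns 1 if the input contains a blacklisted keyword or symbol, 0 otherwise.
    // eregi() was removed in PHP 7; preg_match() with the i flag is the case-insensitive equivalent.
    return preg_match('/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i', $sql_str); // Filter
}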

Or escape special characters with a built-in function:

addslashes(content that needs to be filtered)

2. Other PHP security settings

1. Set register_globals = off

2. When writing SQL statements, try not to omit backticks and single quotes

select * from table where id=2 (non-standard)

select * from `table` where `id`='2' (standard)

3. Correctly use $_POST, $_GET, $_SESSION, etc. to accept parameters, and filter them

4. Improve naming in the database. Some important fields can be named according to the program's characteristics

5. Encapsulate common methods to avoid exposing SQL statements directly
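
An added example (not from the original article) of items 2, 3 and 5 above: a hypothetical find_user_by_id helper that validates the request value and keeps the SQL inside one function. It binds the value with a PDO prepared statement, a technique the article does not mention, and assumes a constructed users table in an in-memory SQLite database.

```php
<?php
declare(strict_types=1);

// Hypothetical data-access helper: callers pass raw request values and never build SQL.
function find_user_by_id(PDO $db, $rawId): ?array
{
    // Item 3: validate what arrives from $_GET/$_POST before using it.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject anything that is not a positive integer
    }

    // Item 2: identifiers are quoted with backticks (SQLite accepts them too).
    // The value is bound as a parameter, never concatenated into the statement.
    $stmt = $db->prepare('SELECT `id`, `name` FROM `users` WHERE `id` = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data (assumes the pdo_sqlite extension is enabled).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `users` (`id` INTEGER PRIMARY KEY, `name` TEXT)');
$db->exec("INSERT INTO `users` (`id`, `name`) VALUES (1, 'alice'), (2, 'bob')");

// Constructed request values standing in for $_GET['id'].
foreach (['2', '2 union select', "2'", '', '-5'] as $raw) {
    $user = find_user_by_id($db, $raw);
    printf("%-18s => %s\n", var_export($raw, true), $user ? $user['name'] : 'rejected or not found');
}
```

Only the first value is a valid positive integer, so it is the only one that reaches the database; the rest are rejected before any SQL runs.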
