Home > Article > Backend Development > SQL injection character detection function_PHP tutorial
SQL injection character detection function_PHP tutorial
- WBOYOriginal
- 2016-07-13 17:10:111028browse
I wrote a sql injection detection function that can effectively detect user posts and filter the obtained references. Friends in need can refer to it.
The code is as follows
|
Copy code | ||||
* All user-entered data, post parameters, and get parameters need to be detected
* If a keyword is matched, return the keyword, otherwise return false
* This is not the same as the detection of sensitive characters
*/
function Filter_SQL($strData)
{
$strFilter=$blnFlag=$arrayFilter='';
$strFilter="'|and|(|)|exec|insert|select|delete|update|count|*|%27|chr|mid|master|truncate|char|declare|union|or"; / /You can add the characters that need to be filtered by yourself, "|" is the separator
$blnFlag=false; //Filter flag, if filtering occurs, then it is true
$arr=explode("|",$strFilter);
$str="";
foreach($arr as $row)
{
$str.=preg_quote($row)."|";
}
$str=trim($str,"|");
if(preg_match('/'.$str.'/i',$strData,$word))
{
return $word[0];
}
return false;
}