Home >Backend Development >PHP Tutorial >PHP prevents sql injection code example_PHP tutorial

PHP prevents sql injection code example_PHP tutorial

WBOY
WBOYOriginal
2016-07-13 17:18:07744browse

Put it into a common call file (such as the conn database link file) and filter all GET or POST data with special strings to achieve simple and effective SQL injection filtering

Copy code The code is as follows:

Function inject_check($sql_str) {
return eregi('select|insert| and|or|update|delete|'|/*|*|../|./|union|into|load_file|outfile', $sql_str);
}
if (inject_check($_SERVER[' QUERY_STRING'])==1 or inject_check(file_get_contents("php://input"))==1){
//echo "Warning illegal access!";
header("Location: Error.php ");
}

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/621681.htmlTechArticle is placed in the public call file (such as the conn database link file) and filters all GET or POST data with special characters String to implement simple and effective SQL injection filtering. Copy the code. The code is as follows...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn