Home >Backend Development >PHP Tutorial >Input value/form submission parameter filtering method to effectively prevent SQL injection_PHP tutorial

Input value/form submission parameter filtering method to effectively prevent SQL injection_PHP tutorial

WBOY
WBOYOriginal
2016-07-13 17:18:311005browse

Input value/form submission parameter filtering to prevent SQL injection or illegal attacks:

Copy code The code is as follows:

/ **
* Keywords for filtering sql and php file operations
* @param string $string
* @return string
* @author zyb
*/
private function filter_keyword( $string ) {
$keyword = 'select|insert|update|delete|'|/*|*|../|./|union|into |load_file|outfile';
$arr = explode( '|', $keyword );
$result = str_ireplace( $arr, '', $string );
return $result;
}

/**
* Check whether the entered number is legal, return the corresponding id if it is legal, otherwise return false
* @param integer $id
* @return mixed
* @author zyb
*/
protected function check_id( $id ) {
$result = false;
if ( $id !== '' && !is_null( $id ) ) {
$var = $this->filter_keyword( $id ); // Keywords for filtering sql and php file operations
if ( $var !== '' && !is_null( $ var ) && is_numeric( $var ) ) {
$result = intval( $var );
}
}
return $result;
}

/**
* Check whether the entered characters are legal, return the corresponding id if legal, otherwise return false
* @param string $string
* @return mixed
* @author zyb
*/
protected function check_str( $string ) {
$result = false;
$var = $this->filter_keyword( $string ); // Filter sql and php file operations Keywords
if ( !empty( $var ) ) {
if ( !get_magic_quotes_gpc() ) { // Determine whether magic_quotes_gpc is turned on
$var = addslashes( $string ); // Perform magic_quotes_gpc not Filtering of submitted data when open
}
//$var = str_replace( "_", "_", $var ); // Filter out '_'
$var = str_replace( "%", "%", $var ); // Filter out '%'
$var = nl2br( $var ); // Enter conversion
$var = htmlspecialchars( $var ); / /html tag conversion
$result = $var;
}
return $result;
}

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/621659.htmlTechArticleInput value/form submission parameter filtering to prevent SQL injection or illegal attacks: Copy the code as follows: /* * * Keywords for filtering sql and php file operations * @param string $string * @r...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn