
A relatively easy-to-use PHP anti-injection vulnerability filtering function code_PHP tutorial

WBOY (Original)
2016-07-21 15:19:06

The code is as follows:

<?php
//PHP whole-site anti-injection program; require_once this file from a public include
//Check the magic_quotes_gpc status. Only escape the request arrays ourselves when
//magic quotes are OFF (or the function no longer exists, PHP >= 8.0); escaping when
//they are ON would double-escape every value.
if (! (function_exists ( 'get_magic_quotes_gpc' ) && @get_magic_quotes_gpc ())) {
    $_GET = sec ( $_GET );
    $_POST = sec ( $_POST );
    $_COOKIE = sec ( $_COOKIE );
    $_FILES = sec ( $_FILES );
}
$_SERVER = sec ( $_SERVER );

function sec(&$array) {
    //If it is an array, traverse it and call recursively
    if (is_array ( $array )) {
        foreach ( $array as $k => $v ) {
            $array [$k] = sec ( $v );
        }
    } else if (is_string ( $array )) {
        //Strings: escape quotes and backslashes with addslashes
        $array = addslashes ( $array );
    } else if (is_numeric ( $array )) {
        //Real int/float values (numeric strings were already handled above): integerize
        $array = intval ( $array );
    }
    return $array;
}

//Integer filter function
function num_check($id) {
    //Judge whether it is empty
    if (! $id) {
        die ( 'Parameter cannot be empty!' );
    }
    //Injection judgment
    else if (inject_check ( $id )) {
        die ( 'Illegal parameter' );
    }
    //Number judgment
    else if (! is_numeric ( $id )) {
        die ( 'Illegal parameter' );
    }
    //Integerization
    $id = intval ( $id );
    return $id;
}

//Character filter function
function str_check($str) {
    //Injection judgment
    if (inject_check ( $str )) {
        die ( 'Illegal parameter' );
    }
    //Convert html
    $str = htmlspecialchars ( $str );
    return $str;
}

//Search keyword filter function
function search_check($str) {
    //Escape "_" and "%" so they are not treated as LIKE wildcards
    //(the listing showed a no-op replacement here; the backslash escape is the intended behaviour)
    $str = str_replace ( "_", "\\_", $str );
    $str = str_replace ( "%", "\\%", $str );
    //Convert html
    $str = htmlspecialchars ( $str );
    return $str;
}

//Form filter function
function post_check($str, $min = null, $max = null) {
    if (isset ( $min ) && strlen ( $str ) < $min) {
        die ( "Minimum $min bytes" );
    } else if (isset ( $max ) && strlen ( $str ) > $max) {
        die ( "Up to $max bytes" );
    }
    return stripslashes_array ( $str );
}

//Anti-injection function: keyword blacklist
//eregi() was removed in PHP 7; preg_match with the /i modifier is the equivalent.
//"inert" in the original list is corrected to "insert".
function inject_check($sql_str) {
    return preg_match ( '/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i', $sql_str );
}

function stripslashes_array(&$array) {
    if (is_array ( $array )) {
        foreach ( $array as $k => $v ) {
            $array [$k] = stripslashes_array ( $v );
        }
    } else if (is_string ( $array )) {
        $array = stripslashes ( $array );
    }
    return $array;
}
?>
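As an added example that is not part of the original article: the same three cases the filter above covers (an integer id, a free-text field, a LIKE search term) written with PDO prepared statements, which keep the value separate from the SQL text and so make the keyword blacklist and the addslashes() layer unnecessary. Table and column names and the DSN are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Integer parameter: validate the type, then bind it (same intent as num_check()).
function find_post_by_id(PDO $db, string $raw_id): ?array {
    if (!ctype_digit($raw_id)) {
        throw new InvalidArgumentException('id must be a non-negative integer');
    }
    $stmt = $db->prepare('SELECT id, title, body FROM posts WHERE id = :id');
    $stmt->bindValue(':id', (int) $raw_id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Free-text parameter: quotes, comment markers and keywords arrive as data,
// not syntax. HTML-escape only when rendering, not when storing (str_check()
// mixes the two concerns).
function insert_comment(PDO $db, int $post_id, string $body): int {
    $stmt = $db->prepare('INSERT INTO comments (post_id, body) VALUES (:post_id, :body)');
    $stmt->bindValue(':post_id', $post_id, PDO::PARAM_INT);
    $stmt->bindValue(':body', $body, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

// LIKE search: binding stops injection, but '%' and '_' are still wildcards
// inside a bound value, so escape them and the escape character itself, and
// name that character in the query. This is what search_check() attempts.
function escape_like(string $term, string $esc = '!'): string {
    return str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $term);
}

function search_posts(PDO $db, string $term): array {
    $stmt = $db->prepare(
        "SELECT id, title FROM posts WHERE title LIKE :pat ESCAPE '!' LIMIT 50");
    $stmt->bindValue(':pat', '%' . escape_like($term) . '%', PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage with an assumed DSN; emulated prepares are switched off so the
// database server itself parses the statement before any value is attached.
// $db = new PDO('mysql:host=localhost;dbname=app', 'user', 'pass', [
//     PDO::ATTR_EMULATE_PREPARES => false,
//     PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
// ]);
// $hits = search_posts($db, '50%_off');   // wildcards in the term are literal
```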
