Home >Backend Development >PHP Tutorial >PHP implements a general method to prevent sql injection

PHP implements a general method to prevent sql injection

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOriginal
2016-07-25 08:45:291061browse
  1. function inject_check($sql_str) {
  2. return eregi('select|insert|and|or|update|delete|'|/*|*|../|./|union|into|load_file|outfile' , $sql_str);
  3. }
  4. function verify_id($id=null) {
  5. if(!$id) {
  6. exit('No parameters submitted!');
  7. } elseif(inject_check($id)) {
  8. exit( 'The submitted parameter is illegal! ');
  9. } elseif(!is_numeric($id)) {
  10. exit('The submitted parameter is illegal!');
  11. }
  12. $id = intval($id);
  13. return $id ;
  14. }
  15. function str_check( $str ) {
  16. if(!get_magic_quotes_gpc()) {
  17. $str = addslashes($str); // Filter
  18. }
  19. $str = str_replace("_", "_", $str);
  20. $str = str_replace("%", "%", $str);
  21. return $str;
  22. }
  23. function post_check($post) {
  24. if(!get_magic_quotes_gpc()) {
  25. $post = addslashes($post);
  26. }
  27. $post = str_replace("_", "_", $post);
  28. $post = str_replace("%", "%", $post);
  29. $post = nl2br ($post);
  30. $post = htmlspecialchars($post);
  31. return $post;
  32. }
Copy code

PHP, sql


Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn