Home  >  Article  >  Backend Development  >  PHP implements a general method to prevent sql injection

PHP implements a general method to prevent sql injection

WBOY
WBOYOriginal
2016-07-25 08:45:29977browse
  1. function inject_check($sql_str) {
  2. return eregi('select|insert|and|or|update|delete|'|/*|*|../|./|union|into|load_file|outfile' , $sql_str);
  3. }
  4. function verify_id($id=null) {
  5. if(!$id) {
  6. exit('No parameters submitted!');
  7. } elseif(inject_check($id)) {
  8. exit( 'The submitted parameter is illegal! ');
  9. } elseif(!is_numeric($id)) {
  10. exit('The submitted parameter is illegal!');
  11. }
  12. $id = intval($id);
  13. return $id ;
  14. }
  15. function str_check( $str ) {
  16. if(!get_magic_quotes_gpc()) {
  17. $str = addslashes($str); // Filter
  18. }
  19. $str = str_replace("_", "_", $str);
  20. $str = str_replace("%", "%", $str);
  21. return $str;
  22. }
  23. function post_check($post) {
  24. if(!get_magic_quotes_gpc()) {
  25. $post = addslashes($post);
  26. }
  27. $post = str_replace("_", "_", $post);
  28. $post = str_replace("%", "%", $post);
  29. $post = nl2br ($post);
  30. $post = htmlspecialchars($post);
  31. return $post;
  32. }
Copy code

PHP, sql


Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn