Home >Backend Development >PHP Tutorial >PHP simple code to prevent SQL injection

PHP simple code to prevent SQL injection

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOriginal
2016-07-25 08:49:13899browse
Put it in a common call file (such as the conn database link file) and filter all GET or POST data with special strings to achieve simple and effective SQL injection filtering. PHP beginners, welcome criticism and advice. Thank you!
                 
                                                                                                                                                                                                                                                                                                                  


Function inject_check($sql_str) {
Return eregi('select|insert|and|or|update|delete|'|/*|*|../|./|union|into|load_file|outfile' , $sql_str);
    }
  1. if (inject_check($_SERVER['QUERY_STRING'])==1 or inject_check(file_get_contents("php://input"))==1){
  2. //echo "Warning of illegal access ! ";
  3.                                                                                                                                                                                                                                                                                                                                  OnFunction Inject_check ($ SQL_STR) {
  4. Return Preg_match ('/Select | Insert | AND | OPDATE | DELETE |/*|*| ./ | UNION | Into | LOAD_FILE | OUUUU TFILE /i', $sql_str);
  5. }
  6. if (inject_check($_SERVER['QUERY_STRING'])==1 or inject_check(file_get_contents("php://input"))==1){
  7.                                         //echo " Warning illegal access! ";
" header("Location: Error.php");
" exit;}

Copy code

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn