PHP prevents sql injection function (discuz)

$magic_quotes_gpc = get_magic_quotes_gpc();
@extract(daddslashes($_COOKIE));
@extract(daddslashes($_POST));
@extract(daddslashes($_GET));
if(!$magic_quotes_gpc) {
$_FILES = daddslashes($_FILES);
}
function daddslashes($string, $force = 0) {
if(!$GLOBALS[' magic_quotes_gpc'] || $force) {
if(is_array($string)) {
foreach($string as $key => $val) {
$string[$key] = daddslashes($val, $force) ;
}
} else {
$string = addslashes($string);
}
}
return $string;
}

You can enhance the code below to protect it For server security, it is very important for PHP to prevent SQL injection security functions!

/*
Function name: inject_check()
Function function: Detect whether the submitted value contains SQL injection characters, prevent injection, and protect server security
Parameters: $sql_str: Submitted Variable bbs.it-home.org
Return value: Return detection result, true or false
*/
function inject_check($sql_str) {
return eregi('select|insert|and|or|update|delete|'|/ *|*|../|./|union|into|load_file|outfile', $sql_str); // Filter
}
/*
Function name: verify_id()
 Function: Verify whether the submitted ID value is legal
Parameters: $id: Submitted ID value
Return value: Return the processed ID
*/
function verify_id($id=null) {
if (!$id ) { exit('No parameters submitted!'); } // Judgment of whether it is empty
elseif (inject_check($id)) { exit('The parameters submitted are illegal!'); } // Judgment of injection
elseif (!is_numeric ($id)) { exit('The submitted parameter is illegal!'); } // Numeric judgment
$id = intval($id); // Integerization
return $id ;
}
/*
Function name: str_check()
Function function: filter the submitted string
Parameters: $var: the string to be processed
Return value: return filtering The string after
*/
function str_check( $str ) {
if (!get_magic_quotes_gpc()) { // Determine whether magic_quotes_gpc is turned on
$str = addslashes($str); // Filter
}
$str = str_replace("_", "_", $str); // Filter out '_'
$str = str_replace("%", "%", $str); // Filter out '%'< /p>
return $str;
}
/*
Function name: post_check()
Function function: Process the submitted editing content
Parameters: $post: Content to be submitted
Return value: $post: Return filtered content
*/
function post_check($post) {
if (!get_magic_quotes_gpc()) { // Determine whether magic_quotes_gpc is open
$post = addslashes($ post); // Filter the submitted data when magic_quotes_gpc is not turned on
}
$post = str_replace("_", "_", $post); // Filter out '_'
$post = str_replace( "%", "%", $post); // Filter out '%'
$post = nl2br($post); // Enter conversion
$post = htmlspecialchars($post); // HTML tag conversion

Put it in a common call file (such as the conn database link file) and filter all GET or POST data with special strings to achieve simple and effective SQL injection filtering.
Code: