Home >Backend Development >PHP Tutorial >Simple and easy to understand php sql anti-injection code

Simple and easy to understand php sql anti-injection code

WBOY
WBOYOriginal
2016-07-25 09:03:401063browse
  1. //Illegal characters to be filtered
  2. $ArrFiltrate=array("'",";","union");
  3. //The url to be redirected after an error occurs, if not filled in Default previous page
  4. $StrGoUrl="";
  5. //Whether there is a value in the array
  6. function FunStringExist($StrFiltrate,$ArrFiltrate){
  7. foreach ($ArrFiltrate as $key=>$value){
  8. if (eregi ($value,$StrFiltrate)){
  9. return true;
  10. }
  11. }
  12. return false;
  13. }
  14. //Merge $_POST and $_GET
  15. if(function_exists(array_merge)){
  16. $ArrPostAndGet=array_merge($HTTP_POST_VARS, $HTTP_GET_VARS);
  17. }else{
  18. foreach($HTTP_POST_VARS as $key=>$value){
  19. $ArrPostAndGet[]=$value;
  20. }
  21. foreach($HTTP_GET_VARS as $key=>$value){
  22. $ArrPostAndGet[]=$value;
  23. }
  24. }
  25. //Verification starts
  26. foreach($ArrPostAndGet as $key=>$value){
  27. if (FunStringExist($value,$ArrFiltrate)){
  28. echo “< script language=”javascript”>alert(“Illegal character”);”;
  29. if (emptyempty($StrGoUrl)){
  30. echo “”;
  31. }else{
  32. echo “”;
  33. }
  34. exit;
  35. }
  36. }
  37. ?>
Copy code

Method 2

  1. /* Filter all GET variables*/
  2. foreach ($_GET as $get_key=>$get_var)
  3. {
  4. if (is_numeric($get_var)) {
  5. $get[ strtolower($get_key)] = get_int($get_var);
  6. } else {
  7. $get[strtolower($get_key)] = get_str($get_var);
  8. }
  9. }
  10. /* Filter all POST variables*/
  11. foreach ($_POST as $post_key=>$post_var)
  12. {
  13. if (is_numeric($post_var)) {
  14. $post[strtolower($post_key)] = get_int($post_var);
  15. } else {
  16. $post[ strtolower($post_key)] = get_str($post_var);
  17. }
  18. }
  19. /* Filter function*/
  20. //Integer filter function
  21. function get_int($number)
  22. {
  23. return intval($number);
  24. }
  25. //String filter function
  26. function get_str($string)
  27. {
  28. if (!get_magic_quotes_gpc()) {
  29. return addslashes($string);
  30. }
  31. return $string;
  32. }
  33. ?>
Copy code


Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn