
Very useful PHP filtering function code to prevent SQL injection vulnerabilities

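  // PHP site-wide anti-injection helper; require_once this file from the common include.
  //
  // NOTE(review): escaping the superglobals with addslashes() is a legacy
  // defence-in-depth measure only. Prepared statements with bound parameters
  // (PDO / mysqli) are what actually prevent SQL injection.
  //
  // magic_quotes_gpc (PHP < 5.4) already added slashes to GET/POST/COOKIE data
  // when it was on, so escaping again would double-escape; the page's version
  // escaped only when it was ON, which inverted the intent and left input
  // untouched on every modern PHP. Escape when it is OFF. The function no longer
  // exists in PHP >= 8.0, so guard with function_exists() instead of "@" (which
  // cannot suppress an undefined-function fatal anyway).
  if (!(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())) {
      $_GET = sec($_GET);
      $_POST = sec($_POST);
      $_COOKIE = sec($_COOKIE);
      $_FILES = sec($_FILES);
  }
  // $_SERVER was never covered by magic quotes, so it is escaped unconditionally.
  $_SERVER = sec($_SERVER);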
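  // Recursively escape a value for use inside a quoted SQL string literal.
  //
  // Arrays are walked recursively; strings get addslashes(); int/float values
  // are coerced with intval() (so 1.5 becomes 1 - original behaviour, kept for
  // compatibility). Any other type is returned unchanged. The argument is taken
  // by reference, so the caller's variable is rewritten in place and returned.
  //
  // NOTE(review): addslashes() is only meaningful when the value is placed inside
  // a quoted SQL literal; it is not a substitute for bound parameters.
  function sec(&$array) {
      if (is_array($array)) {
          foreach ($array as $k => $v) {
              $array[$k] = sec($v);
          }
      } elseif (is_string($array)) {
          $array = addslashes($array);
      } elseif (is_numeric($array)) {
          // Only reached for real int/float values; numeric strings take the branch above.
          // (The page's "$ array" here was a garbled variable name - a parse error.)
          $array = intval($array);
      }
      return $array;
  }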
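  // Integer parameter filter: die()s on empty, blacklisted or non-numeric input,
  // otherwise returns the value cast to int.
  //
  // "0" is falsy in PHP, so a literal zero id is rejected as "empty" along with
  // '' and null - original behaviour, kept for compatibility. is_numeric() also
  // accepts forms such as "1e3" or " 12", which intval() then truncates.
  function num_check($id) {
      if (!$id) {
          die('Parameter cannot be empty!');
      } elseif (inject_check($id)) {
          die('illegal parameter');
      } elseif (!is_numeric($id)) { // the page's is_numetic() is an undefined function
          die('Illegal parameter');
      }
      return intval($id);
  }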
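  // String parameter filter: die()s if the value trips the injection blacklist,
  // otherwise returns it HTML-escaped.
  //
  // ENT_QUOTES and the charset are passed explicitly: the htmlspecialchars()
  // defaults changed across PHP versions (single quotes were left unescaped
  // before 8.1), and escaping both quote styles matters when the result is
  // placed in an HTML attribute. HTML escaping is an output-context measure; it
  // does not make the value safe for SQL.
  function str_check($str) {
      if (inject_check($str)) {
          die('illegal parameter');
      }
      return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
  }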
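  // Search-term filter: escape the SQL LIKE wildcards "_" and "%" with a
  // backslash so user input cannot widen a LIKE pattern, then HTML-escape.
  //
  // The page's version replaced "_" with "_" and "%" with "%", a no-op; the
  // backslash escape is what its comments describe. This assumes the query uses
  // the default "\" LIKE escape character; a backslash already present in the
  // input is not escaped, and the value should still be bound as a parameter.
  function search_check($str) {
      $str = str_replace('_', '\_', $str);
      $str = str_replace('%', '\%', $str);
      return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
  }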
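  // Form field filter: die()s when the byte length of $str is below $min or
  // above $max (a bound is skipped when null), otherwise returns the value with
  // slashes stripped (recursively for arrays).
  //
  // strlen() counts bytes, not characters, matching the "bytes" wording. The
  // messages are double-quoted so $min / $max interpolate - the single-quoted
  // originals printed the literal text "$min" / "$max". strlen() on a non-string
  // $str is a TypeError on PHP 8, so callers should pass strings here.
  function post_check($str, $min, $max) {
      if (isset($min) && strlen($str) < $min) {
          die("minimum $min bytes");
      } elseif (isset($max) && strlen($str) > $max) {
          die("Up to $max bytes");
      }
      return stripslashes_array($str);
  }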
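  // Blacklist heuristic: returns 1 when $sql_str contains a SQL keyword, a quote,
  // a comment marker or a path-traversal fragment, 0 otherwise (false on a PCRE
  // error - falsy, like the eregi() failure value callers already tolerate).
  //
  // eregi() was removed in PHP 7, so preg_match() with /i replaces it. "inert" in
  // the original list was a typo for "insert", and the bare quote terminated the
  // string literal; both are fixed in the pattern below.
  //
  // NOTE(review): a keyword blacklist is a weak control - it rejects ordinary text
  // containing words such as "into" or "update" and does not make a query safe.
  // Parameterised queries are the real defence; treat this as a tripwire only.
  function inject_check($sql_str) {
      $pattern = '/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i';
      return preg_match($pattern, $sql_str);
  }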
  // Undo addslashes()-style escaping: strings are passed through stripslashes(),
  // arrays are processed element by element (recursing into nested arrays), and
  // any other type is returned as-is. The argument is taken by reference, so the
  // caller's variable is rewritten in place as well as returned.
  function stripslashes_array(&$array) {
      if (is_string($array)) {
          $array = stripslashes($array);
          return $array;
      }
      if (!is_array($array)) {
          return $array;
      }
      foreach ($array as $key => $value) {
          $array[$key] = stripslashes_array($value);
      }
      return $array;
  }
  83. ?>

