search

Home  >  Article  >  Backend Development  >  Very useful PHP filtering function code to prevent SQL injection vulnerabilities

Very useful PHP filtering function code to prevent SQL injection vulnerabilities

WBOY
WBOYOriginal
2016-07-25 09:03:421226browse
  2. //PHP whole site anti-injection program, you need to require_once this file in the public file
  3. //Judge the status of magic_quotes_gpc
  4. if (@get_magic_quotes_gpc ()) {
  5. $_GET = sec ( $_GET );
  6. $_POST = sec ( $_POST );
  7. $_COOKIE = sec ( $_COOKIE );
  8. $_FILES = sec ( $_FILES );
  9. }
  10. $_SERVER = sec ( $_SERVER );
  11. function sec(&$ array) {
  12. //If it is an array, traverse the array and call recursively
  13. if (is_array ( $array )) {
  14. foreach ( $array as $k => $v ) {
  15. $array [$k] = sec ( $v );
  16. }
  17. } else if (is_string ( $array )) {
  18. //Use addslashes function to process
  19. $array = addslashes ( $array );
  20. } else if (is_numeric ( $array )) {
  21. $ array = intval ( $array );
  22. }
  23. return $array;
  24. }
  25. //Integer filter function
  26. function num_check($id) {
  27. if (! $id) {
  28. die ( 'Parameter cannot be empty!' );
  29. } //Judgment of whether it is empty
  30. else if (inject_check ( $id )) {
  31. die ( 'illegal parameter' );
  32. } // Judgment of injection
  33. else if (! is_numetic ( $id )) {
  34. die ('Illegal parameter');
  35. }
  36. //Number judgment
  37. $id = intval ($id);
  38. //Integerization
  39. return $id;
  40. }
  41. //Character filter function
  42. function str_check($str ) {
  43. if (inject_check ( $str )) {
  44. die ( 'illegal parameter' );
  45. }
  46. //Injection judgment
  47. $str = htmlspecialchars ( $str );
  48. //Convert html
  49. return $str;
  50. }
  51. function search_check($str) {
  52. $str = str_replace ( "_", "_", $str );
  53. //Filter out "_"
  54. $str = str_replace ( "%", "%", $ str );
  55. //Filter out "%"
  56. $str = htmlspecialchars ( $str );
  57. //Convert html
  58. return $str;
  59. }
  60. //Form filter function
  61. function post_check($str, $min, $max) {
  62. if (isset ( $min ) && strlen ( $str ) < $min) {
  63. die ( 'minimum $min bytes' );
  64. } else if (isset ( $max ) && strlen ( $ str ) > $max) {
  65. die ( 'Up to $max bytes' );
  66. }
  67. return stripslashes_array ( $str );
  68. }
  69. //Anti-injection function
  70. function inject_check($sql_str) {
  71. return eregi ( 'select|inert|update|delete|'|/*|*|../|./|UNION|into|load_file|outfile', $sql_str );
  72. // Filter and prevent injection
  73. }
  74. function stripslashes_array( &$array) {
  75. if (is_array ( $array )) {
  76. foreach ( $array as $k => $v ) {
  77. $array [$k] = stripslashes_array ( $v );
  78. }
  79. } else if (is_string ( $array )) {
  80. $array = stripslashes ( $array );
  81. }
  82. return $array;
  83. }
  84. ?>
Copy code


Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:Solution to the problem that nginx+php-fpm page displays blankNext article:Solution to the problem that nginx+php-fpm page displays blank

Related articles

See more