
Relatively easy-to-use PHP anti-injection vulnerability filtering function code

WBOY
2016-07-29 08:48:22

The code is as follows:


<?php
// Site-wide PHP anti-injection routine; require_once this file from the common include file.
// Check the magic_quotes_gpc status: escape the request arrays only when PHP has not
// already done so (get_magic_quotes_gpc() no longer exists in PHP 8, hence the guard).
if (!(function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc())) {
    $_GET = sec($_GET);
    $_POST = sec($_POST);
    $_COOKIE = sec($_COOKIE);
    $_FILES = sec($_FILES);
}
$_SERVER = sec($_SERVER);

function sec(&$array) {
    // If it is an array, traverse it and call recursively
    if (is_array($array)) {
        foreach ($array as $k => $v) {
            $array[$k] = sec($v);
        }
    } else if (is_string($array)) {
        // Escape quotes and backslashes with addslashes
        $array = addslashes($array);
    } else if (is_numeric($array)) {
        $array = intval($array);
    }
    return $array;
}

// Integer filter function
function num_check($id) {
    if (!$id) {
        // Empty check
        die('The parameter cannot be empty!');
    } else if (inject_check($id)) {
        // Injection check
        die('Illegal parameter');
    } else if (!is_numeric($id)) {
        // Numeric check
        die('Illegal parameter');
    }
    // Convert to integer
    $id = intval($id);
    return $id;
}

// Character filter function
function str_check($str) {
    // Injection check
    if (inject_check($str)) {
        die('Illegal parameter');
    }
    // Convert HTML special characters
    $str = htmlspecialchars($str);
    return $str;
}

function search_check($str) {
    // Escape the LIKE wildcard "_"
    $str = str_replace('_', '\_', $str);
    // Escape the LIKE wildcard "%"
    $str = str_replace('%', '\%', $str);
    // Convert HTML special characters
    $str = htmlspecialchars($str);
    return $str;
}

// Form filter function
function post_check($str, $min, $max) {
    if (isset($min) && strlen($str) < $min) {
        die("Minimum $min bytes");
    } else if (isset($max) && strlen($str) > $max) {
        die("Up to $max bytes");
    }
    return stripslashes_array($str);
}

// Anti-injection function
function inject_check($sql_str) {
    // Keyword filter to prevent injection. eregi() was removed in PHP 7;
    // preg_match() with the i (case-insensitive) flag replaces it.
    return preg_match('#select|insert|update|delete|\'|/\*|\*|\.\./|\./|union|into|load_file|outfile#i', $sql_str) === 1;
}

function stripslashes_array(&$array) {
    if (is_array($array)) {
        foreach ($array as $k => $v) {
            $array[$k] = stripslashes_array($v);
        }
    } else if (is_string($array)) {
        $array = stripslashes($array);
    }
    return $array;
}
?>
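An added example, not part of the original article: the two jobs that num_check and search_check perform (integer IDs and LIKE search terms), done with PDO bound parameters so that user input never becomes SQL syntax. It assumes the pdo_sqlite extension; the in-memory database, the table and the function names are constructed for illustration.

```php
<?php
// Added example (not from the original article). Assumes the pdo_sqlite
// extension; table, rows and function names are constructed for illustration.

function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
    $ins = $pdo->prepare('INSERT INTO articles (title) VALUES (:title)');
    foreach (["O'Reilly update notes", '100% coverage', 'snake_case guide', 'plain text'] as $t) {
        $ins->execute([':title' => $t]);
    }
    return $pdo;
}

// Integer lookup: validate the type, then bind it. No quoting or keyword list is involved.
function find_by_id(PDO $pdo, $id): ?array {
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject instead of die() so the caller decides how to respond
    }
    $st = $pdo->prepare('SELECT id, title FROM articles WHERE id = :id');
    $st->bindValue(':id', $id, PDO::PARAM_INT);
    $st->execute();
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Search: escape the LIKE wildcards (the purpose of search_check), declare the
// escape character explicitly, and bind the finished pattern as data.
function search_titles(PDO $pdo, string $term): array {
    $escaped = strtr($term, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);
    $st = $pdo->prepare("SELECT title FROM articles WHERE title LIKE :pat ESCAPE '\\'");
    $st->execute([':pat' => '%' . $escaped . '%']);
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = demo_db();
var_dump(find_by_id($pdo, '1'));          // numeric string is accepted as an integer id
var_dump(find_by_id($pdo, '1 OR 1=1'));   // constructed input: fails integer validation
print_r(search_titles($pdo, "O'Reilly")); // the apostrophe is bound as data
print_r(search_titles($pdo, '%'));        // literal percent sign, not a wildcard
print_r(search_titles($pdo, '_'));        // literal underscore, not a wildcard
```

Titles containing words such as "update" or an apostrophe are stored and searched normally here, because nothing depends on rejecting keywords or on escaping quotes by hand.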
