Home  >  Article  >  Backend Development  >  PHP anti-sql injection filtering code

PHP anti-sql injection filtering code

高洛峰
高洛峰Original
2016-11-29 15:10:481974browse

We provide three functions to filter out some special characters. They mainly use PHP to filter out SQL sensitive strings. Now let’s take a look at this code. Friends in need can take a look and give an example. The code is as follows:

function phpsql_show($str){

$str = stripslashes($str);

$str = str_replace("\", "", $str);

$str = str_replace ("/", "/", $str);

$str = str_replace(" ", " ", $str);

$str = str_replace("," , ",", $str);

return $str;

}

function phpsql_post($str){

$str = stripslashes($str);

$str = str_replace("|", " |", $str);

$str = str_replace("<", "<", $str);

$str = str_replace(">", "> ", $str);

$str = str_replace(" ", " ", $str);

$str = str_replace(" ", " ", $str);

$str = str_replace("(", "(", $str);

$str = str_replace(")", ")", $str);

$str = str_replace ("`", "`", $str);

//$str = str_replace("'", "'", $str);

$str = str_replace('"' , """, $str);

$str = str_replace(",", ",", $str);

$str = str_replace("$", "$ ", $str);

$str = str_replace("", "\", $str);

$str = str_replace("/", "/", $str);

return $str;

}//Open source code phpfensi.com

function phpsql_replace($str){

$str = stripslashes($str);

$str = str_replace("'", "' ;", $str);

return $str;

}


Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn