Home >Backend Development >PHP Tutorial >php sql anti-injection program code

php sql anti-injection program code

怪我咯
怪我咯Original
2017-07-12 15:18:5811146browse

SQL injection attacks refer to constructing special inputs and passing them into web applications as parameters. Most of these inputs are some combinations of SQL syntax. The main reason for this is to execute SQL statements and then perform the operations desired by the attacker. The program did not carefully filter the data entered by the user, causing illegal data to invade the system.

According to relevant technical principles, SQL injection can be divided into platform layer injection and code layer injection. The former is caused by insecure database configuration or database platform vulnerabilities; the latter is mainly caused by programmers not carefully filtering the input, thereby executing illegal data queries. Based on this, the causes of SQL injection usually manifest in the following aspects: ① Improper type processing; ② Unsafe database configuration; ③ Unreasonable query set processing; ④ Improper error handling; ⑤ Transfer Improper handling of semantic characters; ⑥ Improper handling of multiple submissions.

This article mainly introduces a general anti-injection code. The code is as follows:

function jk1986_checksql() 
{ 
$bad_str = "and|select|update|'|delete|insert|*"; 
$bad_Array = explode("|",$bad_str); 
/** 过滤Get参数 **/ 
foreach ($bad_Array as $bad_a) 
{ 
foreach ($_GET as $g) 
{ 
if (substr_count(strtolower($g),$bad_a) > 0) 
{ 
echo "<script>alert(&#39;诡异字符,请不要尝试注入本站! 作者:Jk1986 QQ:414028660&#39;);location.href=&#39;index.php&#39;;</script>"; 
exit(); 
} 
} 
} 

/** 过滤Post参数 **/ 

foreach ($bad_Array as $bad_a) 
{ 
foreach ($_POST as $p) 
{ 
if (substr_count(strtolower($p),$bad_a) > 0) 
{ 
echo "<script>alert(&#39;诡异字符,请不要尝试注入本站! 作者:Jk1986 QQ:414028660&#39;);location.href=&#39;index.php&#39;;</script>"; 
exit(); 
} 
} 
} 

/** 过滤Cookies参数 **/ 

foreach ($bad_Array as $bad_a) 
{ 
foreach ($_COOKIE as $co) 
{ 
if (substr_count(strtolower($co),$bad_a) > 0) 
{ 
echo "<script>alert(&#39;诡异字符,请不要尝试注入本站! 作者:Jk1986 QQ:414028660&#39;);location.href=&#39;index.php&#39;;</script>"; 
exit(); 
} 
} 
} 
}

The above is the detailed content of php sql anti-injection program code. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn