<table cellspacing="0" cellpadding="0"><tr><td class="t_f" id="postmessage_51370"> 放到公用调用文件(如conn数据库链接文件),对所有GET或POST的数据进行过滤特殊字符串,以实现简单有效的SQL注入过滤。PHP初学者,欢迎批评指点 谢谢!<br> <br> <br> <br> <br> <div class="blockcode"> <div id="code_hB5"><ol> <li>Function inject_check($sql_str) {</li> <li> return eregi('select|insert|and|or|update|delete|'|/*|*|../|./|union|into|load_file|outfile', $sql_str);</li> <li>}</li> <li>if (inject_check($_SERVER['QUERY_STRING'])==1 or inject_check(file_get_contents("php://input"))==1){</li> <li> //echo "警告 非法访问!";</li> <li> header("Location: Error.php");</li> <li>}</li> </ol></div> <em onclick="copycode($('code_hB5'));">复制代码</em> </div> <br> <br> <br> <div class="blockcode"> <div id="code_Bzg"><ol> <li>Function inject_check($sql_str) {</li> <li> return preg_match('/select|insert|and|or|update|delete|'|/*|*|../|./|union|into|load_file|outfile/i', $sql_str);</li> <li>}</li> <li>if (inject_check($_SERVER['QUERY_STRING'])==1 or inject_check(file_get_contents("php://input"))==1){</li> <li> //echo "警告 非法访问!";</li> <li> header("Location: Error.php");</li> <li> exit;</li> <li>}</li> </ol></div> <em onclick="copycode($('code_Bzg'));">复制代码</em> </div> </td></tr></table> <div id="comment_51370" class="cm"> </div> <div id="post_rate_div_51370"></div> <br><br>