Community Learn Tools Library Leisure

English

Home > php教程 > php手册 > 输入值/表单提交参数过滤有效防止sql注入的方法

输入值/表单提交参数过滤有效防止sql注入的方法

WBOY

Release： 2016-06-13 10:18:48

Original

985 people have browsed it

输入值/表单提交参数过滤，防止sql注入或非法攻击的方法：

复制代码代码如下:

/**
* 过滤sql与php文件操作的关键字
* @param string $string
* @return string
* @author zyb
*/
private function filter_keyword( $string ) {
$keyword = 'select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile';
$arr = explode( '|', $keyword );
$result = str_ireplace( $arr, '', $string );
return $result;
}

/**
* 检查输入的数字是否合法，合法返回对应id，否则返回false
* @param integer $id
* @return mixed
* @author zyb
*/
protected function check_id( $id ) {
$result = false;
if ( $id !== '' && !is_null( $id ) ) {
$var = $this->filter_keyword( $id ); // 过滤sql与php文件操作的关键字
if ( $var !== '' && !is_null( $var ) && is_numeric( $var ) ) {
$result = intval( $var );
}
}
return $result;
}

/**
* 检查输入的字符是否合法，合法返回对应id，否则返回false
* @param string $string
* @return mixed
* @author zyb
*/
protected function check_str( $string ) {
$result = false;
$var = $this->filter_keyword( $string ); // 过滤sql与php文件操作的关键字
if ( !empty( $var ) ) {
if ( !get_magic_quotes_gpc() ) { // 判断magic_quotes_gpc是否为打开
$var = addslashes( $string ); // 进行magic_quotes_gpc没有打开的情况对提交数据的过滤
}
//$var = str_replace( "_", "\_", $var ); // 把 '_'过滤掉
$var = str_replace( "%", "\%", $var ); // 把 '%'过滤掉
$var = nl2br( $var ); // 回车转换
$var = htmlspecialchars( $var ); // html标记转换
$result = $var;
}
return $result;
}

Related labels：

sql value parameter submit method efficient injection of form enter filter prevent

source：php.cn

Previous article：php下载excel无法打开的解决方法 Next article：thinkphp的CURD和查询方式介绍

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Latest Articles by Author

What is a NullPointerException, and how do I fix it?

2024-10-22 09:46:29
From Novice to Coder: Your Journey Begins with C Fundamentals

2024-10-13 13:53:41
Unlocking Web Development with PHP: A Beginner's Guide

2024-10-12 12:15:51
Demystifying C: A Clear and Simple Path for New Programmers

2024-10-11 22:47:31
Unlock Your Coding Potential: C Programming for Absolute Beginners

2024-10-11 19:36:51
Unleash Your Inner Programmer: C for Absolute Beginners

2024-10-11 15:50:41
Automate Your Life with C: Scripts and Tools for Beginners

2024-10-11 15:07:41
PHP Made Easy: Your First Steps in Web Development

2024-10-11 14:21:21
Build Anything with Python: A Beginner's Guide to Unleashing Your Creativity

2024-10-11 12:59:11
The Key to Coding: Unlocking the Power of Python for Beginners

2024-10-11 12:17:31

Latest Issues

The child window operates the parent window, but the output does not respond. The first two sentences are executable, but the last sentence cannot be implemented.

From 2024-04-19 15:37:47

0

1

1361

There is no output in the parent window document.onclick = function(){ window.opener.document.write('I am the output of the child ...

From 2024-04-18 23:52:34

0

1

1284

Unable to get input element from website So I'm trying to get an input element from Twitter, but when I run it it keeps giving me a...

From 2024-04-06 18:59:57

0

1

442

How to group and count in MySQL? I'm trying to write a query that extracts the total number of undeleted messages sent to f...

From 2024-04-06 18:30:17

0

1

353

Get the total return value of the input field method I'm trying to find the total value entered by the user. Get an aggregate that multiplies a...

From 2024-04-06 18:19:37

0

1

380

Related Topics

More>

Popular Recommendations

Popular Tutorials

More>

Related Tutorials

Popular Recommendations

Latest courses

Latest Downloads

More>

Web Effects

Website Source Code

Website Materials

Front End Template