这样能做到防注入?

WBOY
Release: 2016-06-23 14:23:48
Original
1109 people have browsed it

function defend_xss($val){	return is_array($val) ? $val : htmlspecialchars($val);}function gpc($name,$w = 'GPC',$default = '',$d_xss=1){	global $curr_script;	if($curr_script==ADMINCP){		$d_xss = 0;	}	$i = 0;	for($i = 0; $i < strlen($w); $i++) {		if($w[$i] == 'G' && isset($_GET[$name])) return $d_xss ? defend_xss($_GET[$name]) : $_GET[$name];		if($w[$i] == 'P' && isset($_POST[$name])) return $d_xss ? defend_xss($_POST[$name]) : $_POST[$name];		if($w[$i] == 'C' && isset($_COOKIE[$name])) return $d_xss ? defend_xss($_COOKIE[$name]) : $_COOKIE[$name];	}	return $default;}
Copy after login


<?php$test = gpc('test','P','')$userid = @$db->result_first("select userid from user where username='$test'");....以下代码省略?>
Copy after login


能做到防注入吗


回复讨论(解决方案)

不能!
你没有对特殊字符 ' 做任何处理

不能!
你没有对特殊字符 ' 做任何处理

function addslashes_array(&$array) {	if(is_array($array)){		foreach($array as $k => $v) {			$array[$k] = addslashes_array($v);		}	}elseif(is_string($array)){		$array = addslashes($array);	}	return $array;}
Copy after login

if(!@get_magic_quotes_gpc()){	$_GET = addslashes_array($_GET);	$_POST = addslashes_array($_POST);	$_COOKIE = addslashes_array($_COOKIE);}
Copy after login


再加两行代码 这样是否可以做到呢

单引号等,可以考虑使用mysql等自己的函数转换

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template