The example in this article describes how to simply implement SQL injection prevention in PHP. Share it with everyone for your reference, the details are as follows:
There is not much filtering here, mainly for the combination of php and mysql.
For general injection prevention, just use PHP’s addslashes function.
The following is a copied code:
PHP code:
$_POST = sql_injection($_POST); $_GET = sql_injection($_GET); function sql_injection($content) { if (!get_magic_quotes_gpc()) { if (is_array($content)) { foreach ($content as $key=>$value) { $content[$key] = addslashes($value); } } else { addslashes($content); } } return $content; }
If you want to build a system, you can use the following code, which is also copied.
PHP code:
function inject_check($sql_str) { return eregi('select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile', $sql_str); // 进行过滤 } function verify_id($id=null) { if (!$id) { exit('没有提交参数!'); } // 是否为空判断 elseif (inject_check($id)) { exit('提交的参数非法!'); } // 注射判断 elseif (!is_numeric($id)) { exit('提交的参数非法!'); } // 数字判断 $id = intval($id); // 整型化 return $id; } function str_check( $str ) { if (!get_magic_quotes_gpc()) { // 判断magic_quotes_gpc是否打开 $str = addslashes($str); // 进行过滤 } $str = str_replace("_", "\_", $str); // 把 '_'过滤掉 $str = str_replace("%", "\%", $str); // 把 '%'过滤掉 return $str; } function post_check($post) { if (!get_magic_quotes_gpc()) { // 判断magic_quotes_gpc是否为打开 $post = addslashes($post); // 进行magic_quotes_gpc没有打开的情况对提交数据的过滤 } $post = str_replace("_", "\_", $post); // 把 '_'过滤掉 $post = str_replace("%", "\%", $post); // 把 '%'过滤掉 $post = nl2br($post); // 回车转换 $post = htmlspecialchars($post); // html标记转换 return $post; }
Readers who are interested in more PHP-related content can check out the special topics of this site: "php programming security tutorial", "php security filtering skills summary", "Summary of PHP operations and operator usage", "Summary of PHP network programming skills", "PHP basic syntax introductory tutorial", "PHP operating office document skills Summary (including word, excel, access, ppt) ", "php object-oriented programming introductory tutorial ", "php string (string) usage summary ", " php mysql database operation introductory tutorial" and "php common database operation skills summary"
I hope this article will be helpful to everyone in PHP programming.