Example of filtering paging parameters in PHP to prevent sql injection, sql paging_PHP tutorial

PHP filter paging parameter example to prevent sql injection, sql paging

The example in this article describes the method of filtering paging parameters in PHP to prevent SQL injection. Share it with everyone for your reference. The specific analysis is as follows:

As far as network security is concerned, do not trust any input information on the Internet. We must perform parameter filtering for any input information. In this regard, let’s first take a look at the following example:

Copy code The code is as follows:

$this->load->library ( 'pagination' );
$config ['base_url'] = site_url () . '/guest/show';
$config ['total_rows'] = $c;
$config ['per_page'] = $pernum = 15;
$config ['uri_segment'] = 3;
$config ['use_page_numbers'] = TRUE;
$config ['first_link'] = 'First page';
$config ['last_link'] = 'Last page';
$config ['num_links'] = 5;
$this->pagination->initialize ( $config );
if (! $this->uri->segment ( 3 )) {
$currentnum = 0;
} else {
$currentnum = is_numeric($this->uri->segment ( 3 ))?(intval($this->uri->segment ( 3 ) - 1)) * $pernum:0;
}

$current_page=is_numeric($this->uri->segment ( 3 ))?intval($this->uri->segment ( 3 )):1;
if($current_page){
$data ['title'] = 'Page '.$current_page.'-Guestbook-Anti-SQL injection test';
}
else{
$data ['title'] = 'Guestbook-Anti-SQL injection test';
}

$data ['liuyan'] = $this->ly->getLy ( $pernum, $currentnum );

Among them:

Copy code The code is as follows:

$current_page=is_numeric($this->uri->segment (3))?intval ($this->uri->segment ( 3 )):1;
$currentnum = is_numeric($this->uri->segment ( 3 ))?(intval($this->uri->segment ( 3 ) - 1)) * $pernum;

These two sentences determine whether the parameter is a number. Prevent illegal character input.

I hope this article will be helpful to everyone’s PHP programming design.

php filter sql injection, newbie

I wrote a code to prevent SQL injection in PHP4 environment. After actual use, it is also compatible under PHP5. Everyone is welcome to modify and use it.
The code is as follows:
/*
sqlin anti-injection class
*/
class sqlin
{

//dowith_sql($ value)
function dowith_sql($str)
{
$str = str_replace("and","",$str);
$str = str_replace("execute","",$ str);
$str = str_replace("update","",$str);
$str = str_replace("count","",$str);
$str = str_replace(" chr","",$str);
$str = str_replace("mid","",$str);
$str = str_replace("master","",$str);
$str = str_replace("truncate","",$str);
$str = str_replace("char","",$str);
$str = str_replace("declare","" ,$str);
$str = str_replace("select","",$str);
$str = str_replace("create","",$str);
$str = str_replace ("delete","",$str);
$str = str_replace("insert","",$str);
$str = str_replace("'","",$str);
$str = str_replace(""","",$str);
$str = str_replace(" ","",$str);
$str = str_replace("or"," ",$str);
$str = str_replace("=","",$str);
$str = str_replace("%20","",$str);
// echo $str;
return $str;
}
//aticle() Anti-SQL injection function
function sqlin()
{
foreach ($_GET as $key=> ;$value)
{
$_GE...the rest of the text>>

PHP SQL injection prevention problem

Basically, I use the two methods htmlspecialchars() and mysql_escape_string() to process the obtained parameters. .

http://www.bkjia.com/PHPjc/904932.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/904932.htmlTechArticleAn example of filtering paging parameters in php to prevent sql injection, sql paging. This article describes the filtering paging parameters in php to prevent sql injection. method. Share it with everyone for your reference. The specific analysis is as follows:...