SQL universal anti-injection system The anti-SQL injection code provided in this article is a PHP SQL double filtering illegal character function. It can prevent SQL injection according to the user's customization. First, it filters some SQL commands, and then filters the post get once. It is best. verify.
SQL universal anti-injection system
The anti-sql injection code provided in this article is a php tutorial sql double filtering function of illegal characters. It can prevent sql injection according to the user's customization. First, it filters some sql commands, and then filters the post get once. Finally, Good verification.
*/
//Anti-injection
$arrfiltrate=array("update","delete","selert","drop","exec","cast","'","union");
//The URL to jump to after an error occurs. If not filled in, the previous page will be defaulted
$strgourl="";
//Whether there is a value in the array
function funstringexist($strfiltrate,$arrfiltrate){
foreach ($arrfiltrate as $key=>$value){
If (eregi($value,$strfiltrate)){
return true;
}
}
return false;
}
//Merge $_post and $_get
if(function_exists(array_merge)){
$arrpostandget=array_merge($http_post_vars,$http_get_vars);
}else{
Foreach($http_post_vars as $key=>$value){
$arrpostandget[]=$value;
}
Foreach($http_get_vars as $key=>$value){
$arrpostandget[]=$value;
}
}
//Verification starts
foreach($arrpostandget as $key=>$value){
If (funstringexist($value,$arrfiltrate)){
echo " ";
If (empty($strgourl)){
echo " ";
}else{
echo " ";
}
echo "<script>alert('The system detected an illegal character!');history.back();</script>";
exit();
}
}
?>