PHP tutorial: code to prevent SQL injection
*/
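/**
 * Report whether a value contains one of the blocked tokens.
 *
 * The token list is the one the original filter used: select, insert,
 * update, delete, a single quote, "/*", "*", "../", "./", union, into,
 * load_file and outfile, matched case-insensitively anywhere in the value.
 *
 * @param mixed $sql_str Value to inspect (normally a request parameter).
 * @return bool True when the value must be rejected.
 */
function inject_check_is_blocked($sql_str) {
    // Arrays/objects (e.g. "?url[]=x") cannot be pattern-matched; reject
    // them instead of letting them pass through unchecked.
    if ($sql_str !== null && !is_scalar($sql_str)) {
        return true;
    }

    // eregi() was removed in PHP 7; preg_match() with the "i" flag is the
    // replacement. "~" is the delimiter so "/" needs no escaping, and the
    // regex metacharacters "*" and "." are escaped to match literally.
    $pattern = '~select|insert|update|delete|\'|/\*|\*|\.\./|\./|union|into|load_file|outfile~i';
    $hit = preg_match($pattern, (string) $sql_str);

    // preg_match() returns false on a PCRE error; treat that as a match so
    // the filter fails closed.
    return $hit !== 0;
}

/**
 * Reject a value that contains a blocked SQL keyword or path token.
 *
 * Prints an error message and terminates the script when a token is found;
 * otherwise returns the value unchanged.
 *
 * NOTE(review): this is a substring blacklist. It rejects ordinary text that
 * happens to contain "into" or "*", and it does not make a value safe to
 * concatenate into SQL. Bind values through prepared statements (PDO or
 * mysqli) and use this check, at most, as an additional input filter.
 *
 * @param mixed $sql_str Value to inspect.
 * @return mixed The unmodified value when no blocked token is present.
 */
function inject_check($sql_str) { //Prevent injection
    if (inject_check_is_blocked($sql_str)) {
        echo "Enter illegal injection content!";
        exit();
    }

    return $sql_str;
}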
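/**
 * Redirect requests whose Referer host differs from the host being served.
 *
 * Compares the host of the HTTP Referer header (http/https only) with the
 * Host header, ignoring any port and letter case. A missing, unparsable or
 * foreign Referer sends a Location header and ends the script.
 *
 * NOTE(review): both headers are supplied by the client, and browsers or
 * proxies may omit Referer entirely. Treat this as a hot-link/navigation
 * filter only; it is not a substitute for authentication or CSRF tokens.
 *
 * @return void
 */
function checkurl() { //Check the source
    // Superglobals are case-sensitive: $_SERVER with upper-case keys.
    $referer = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
    $host = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';

    // Extract the Referer host with parse_url() rather than a hand-written
    // regex; only http:// and https:// referers are accepted.
    $refererHost = '';
    $parts = ($referer !== '') ? parse_url($referer) : false;
    if (is_array($parts) && isset($parts['scheme'], $parts['host'])
        && in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        $refererHost = strtolower($parts['host']);
    }

    // The Host header may carry a ":port" suffix; keep the host name only.
    $ownHost = parse_url('//' . $host, PHP_URL_HOST);
    $ownHost = is_string($ownHost) ? strtolower($ownHost) : '';

    if ($refererHost === '' || $refererHost !== $ownHost) {
        header("location: http://www.zhutiai.com");
        exit();
    }
}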
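//Call
// Referer/Host comparison first; the script ends here on a mismatch.
checkurl();
// Superglobals are case-sensitive ($_GET, not $_get); default to an empty
// string when the "url" parameter is absent.
$str = isset($_GET['url']) ? $_GET['url'] : '';
// Check the value that was actually read and keep the returned result.
// The value is still untrusted input: pass it to the database as a bound
// parameter of a prepared statement, never by string concatenation.
$str = inject_check($str); //This can be performed when getting parameters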