Several ways to prevent injection in php_PHP tutorial

WBOY
Release: 2016-07-13 17:09:47
Original
1006 people have browsed it

php tutorial several ways to prevent injection

In fact, it turns out that we need to filter some of our common keywords and matches, such as:

select, insert, update, delete, and, *, etc.

Example:

function inject_check($sql_str) {
return eregi('select|insert|update|delete|'|/*|*|../|./|union|into|load_file
|outfile', $sql_str); // Filter
}

Or filter special symbols between system functions

addslashes (content that needs to be filtered)

2. PHP security settings in other places

1. register_globals = off is set to off state

2. When writing sql statements, try not to omit small quotes and single quotes

select * from table where id=2 (not standardized)

select * from ·table· where ·id·=’2’ (standard)

3. Correctly use $_post $_get $_session, etc. to accept parameters and filter them

4. Improve naming skills in database tutorials. Some important fields can be named according to program characteristics

5. Encapsulate common methods to avoid direct exposure of sql statements

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629718.htmlTechArticlephp tutorial There are several ways to prevent injection. In fact, it turns out that we need to filter some of our common keywords and matches, such as: select, insert, update, delete, and, *, etc. Examples:...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template