Perfect PHP anti-SQL injection code_PHP tutorial

WBOY
Release: 2016-07-13 17:10:15
Original
1422 people have browsed it

A relatively perfect PHP anti-SQL injection code. Many beginners have the experience of being SQL injection. Today we will share with you a relatively complete SQL anti-injection code. Students in need can refer to it/

 代码如下 复制代码
/*************************
说明:
判断传递的变量中是否含有非法字符

如$_POST、$_GET
功能:
防注入
*************************/
//要过滤的非法字符
$ArrFiltrate=array("'","or","and","union","where");
//出错后要跳转的url,不填则默认前一页
$StrGoUrl="";
//是否存在数组中的值
function FunStringExist($StrFiltrate,$ArrFiltrate){
foreach ($ArrFiltrate as $key=>$value){
 if (eregi($value,$StrFiltrate)){
   return true;
 }
 }
 return false;
 }
 //合并$_POST 和 $_GET
 if(function_exists(array_merge)){
 $ArrPostAndGet=array_merge($HTTP_POST_VARS,$HTTP_GET_VARS);
 }else{
 foreach($HTTP_POST_VARS as $key=>$value){
 $ArrPostAndGet[]=$value;
 }
 foreach($HTTP_GET_VARS as $key=>$value){
 $ArrPostAndGet[]=$value;
 }
 }
 //验证开始
 foreach($ArrPostAndGet as $key=>$value){
 if (FunStringExist($value,$ArrFiltrate)){
 echo "";
 if (empty($StrGoUrl)){
 echo "";
 }else{
 echo "";
 }
 exit;
 }
 }
 /***************结束防止PHP注入*****************/
 ?>

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629674.htmlTechArticleA relatively perfect PHP anti-SQL injection code. Many beginners have experience of SQL injection. Today Let us share with you a relatively complete SQL injection prevention code. Students in need can refer to...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template