Perfect PHP anti-SQL injection code_PHP tutorial

A relatively perfect PHP anti-SQL injection code. Many beginners have the experience of being SQL injection. Today we will share with you a relatively complete SQL anti-injection code. Students in need can refer to it/

代码如下

复制代码

/************************* 说明： 判断传递的变量中是否含有非法字符 如$_POST、$_GET 功能： 防注入 *************************/ //要过滤的非法字符 $ArrFiltrate=array("'","or","and","union","where"); //出错后要跳转的url,不填则默认前一页 $StrGoUrl=""; //是否存在数组中的值 function FunStringExist($StrFiltrate,$ArrFiltrate){ foreach ($ArrFiltrate as $key=>$value){  if (eregi($value,$StrFiltrate)){    return true;  }  }  return false;  }  //合并$_POST 和 $_GET  if(function_exists(array_merge)){  $ArrPostAndGet=array_merge($HTTP_POST_VARS,$HTTP_GET_VARS);  }else{  foreach($HTTP_POST_VARS as $key=>$value){  $ArrPostAndGet[]=$value;  }  foreach($HTTP_GET_VARS as $key=>$value){  $ArrPostAndGet[]=$value;  }  }  //验证开始  foreach($ArrPostAndGet as $key=>$value){  if (FunStringExist($value,$ArrFiltrate)){  echo "";  if (empty($StrGoUrl)){  echo "";  }else{  echo "";  }  exit;  }  }  /***************结束防止PHP注入*****************/  ?>

http://www.bkjia.com/PHPjc/629674.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629674.htmlTechArticleA relatively perfect PHP anti-SQL injection code. Many beginners have experience of SQL injection. Today Let us share with you a relatively complete SQL injection prevention code. Students in need can refer to...