Community Learn Tools Library Leisure

English

Home > Backend Development > PHP Tutorial > body text

PHP anti-sql injection program code_PHP tutorial

PHP中文网

Release： 2023-02-28 18:54:01

Original

1127 people have browsed it

Put it into a common call file (such as the conn database link file) and filter all GET or POST data with special strings to achieve simple and effective SQL injection filtering. PHP beginners, welcome criticism and advice. Thank you!

[Code] Simple function plus judgment

Function inject_check($sql_str) {
    return eregi(&#39;select|insert|and|or|update|delete|\&#39;|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile&#39;, $sql_str);
}
if (inject_check($_SERVER[&#39;QUERY_STRING&#39;])==1 or inject_check(file_get_contents("php://input"))==1){
    //echo "警告 非法访问！";
    header("Location: Error.php");
}

Copy after login

2. [Code] (Updated on December 23, 2013) Combined What do you think of everyone’s advice being changed to this? Thank you all for your continued criticism and advice! (not case sensitive)

Function inject_check($sql_str) {
    return preg_match(&#39;/select|insert|and|or|update|delete|\&#39;|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i&#39;, $sql_str);
}
if (inject_check($_SERVER[&#39;QUERY_STRING&#39;])==1 or inject_check(file_get_contents("php://input"))==1){
    //echo "警告 非法访问！";
    header("Location: Error.php");
    exit;
}

Copy after login

Related labels：

sql injection

source：php.cn

Previous article：Function to generate random string in php_PHP tutorial Next article：PHP Chinese character verification code program_PHP tutorial

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Latest Articles by Author

7 PHP Functions I Regret I Didn't Know Before

2024-11-13 09:42:17
How to Locate Strings from Text Input in PHP

2024-11-13 09:42:16
How to fix PHP Curl HTTPS Certificate Authority issues on Windows

2024-11-11 12:24:02
How to read Java Bytecode for fun and profit

2024-10-22 13:03:13
Connecting to MySQL Using PHP

2024-10-22 11:44:46
DORA metrics: Best practices for engineering leaders

2024-10-18 17:59:07
LLMs: Transfer Learning with TensorFlow, Keras, Hugging Face

2024-10-18 17:52:44
IT skills you (and your tech teams) need to develop at work

2024-10-18 14:43:47
A Full Guide to Using PHP Configuration Files for Best Practice

2024-10-15 12:00:09
How to Import config.php File in a PHP Script?

2024-10-15 11:53:15

Latest Issues

Record query under partial value conditions - SQL skill sharing I have a table called zipcode which has a column called code. The Code column contains the...

From 2024-04-06 16:01:26

0

1

395

Efficient way to fill missing values in unordered map from SQL table (SQL/C++) Question Currently there is a system that reads unique identifiers (ids) and their attache...

From 2024-04-04 11:47:44

0

1

345

Illuminate\Database\QueryException: SQLSTATE: General error: 1364 Why can't I enter data? In the appointment table you don't want to enter the userid attrib...

From 2024-04-03 22:39:00

0

1

363

Unable to access sent messages using JavaScript in Postman Using the code below, I can enter information into my MySQL table in the post method and t...

From 2024-04-03 22:02:38

0

1

304

Content overflow in window prevents scrolling and hides new content I'm currently building a roulette system program (this is more to stop me from placing bet...

From 2024-04-03 21:24:55

0

1

285

Related Topics

More>

Popular Recommendations

Popular Tutorials

More>

Related Tutorials

Popular Recommendations

Latest courses

Latest Downloads

More>

Web Effects

Website Source Code

Website Materials

Front End Template