This article presents a basic, commonly used SQL injection filter for PHP programmers. We define a list of unsafe SQL characters and keywords, check the incoming request values against it, and stop the program from executing when a match is found.
This article provides some commonly used basic anti-SQL-injection code for PHP programmers. We can define our own list of unsafe SQL statements or commands, test request input against it, and prevent the program from executing when a match is found.
// Filter list: a request is rejected when any value contains one of these strings.
// Entries are matched as substrings, so "union" also rejects words such as "reunion"
// and the quote entry rejects names such as O'Brien.
// NOTE(review): a blacklist like this is a supplementary check only; it does not
// replace parameterised queries (prepared statements) at the point where SQL is built.
$ArrFiltrate = ["'", ";", "union"];

// Address to send the client to after a rejected request.
// Left empty, the script falls back to its default behaviour (the previous page).
$StrGoUrl = "";
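/**
 * Report whether a request value contains any entry of the filter list.
 *
 * Matching is a case-insensitive literal substring search. The original used
 * eregi(), which was removed in PHP 7 and treated each entry as a regular
 * expression; stripos() keeps the case-insensitive behaviour for the literal
 * entries this filter is configured with.
 *
 * @param mixed $StrFiltrate Value to inspect; a string, or a (nested) array of
 *                           strings as produced by parameters like name[]=...
 * @param array $ArrFiltrate Literal strings to look for.
 * @return bool True when at least one entry occurs in the value.
 */
function FunStringExist($StrFiltrate, $ArrFiltrate)
{
    // Array-valued parameters must be inspected element by element; passing
    // them to a string function would skip the check for the whole parameter.
    if (is_array($StrFiltrate)) {
        foreach ($StrFiltrate as $item) {
            if (FunStringExist($item, $ArrFiltrate)) {
                return true;
            }
        }
        return false;
    }

    // Anything that is neither an array nor a scalar carries no text to match.
    if (!is_scalar($StrFiltrate)) {
        return false;
    }

    $haystack = (string) $StrFiltrate;
    foreach ($ArrFiltrate as $needle) {
        $needle = (string) $needle;
        // An empty entry would match every value, so it is ignored.
        if ($needle !== '' && stripos($haystack, $needle) !== false) {
            return true;
        }
    }

    return false;
}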
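/**
 * Gather every scalar value found in the given request arrays into one flat list.
 *
 * Values are appended rather than merged by key: array_merge() keeps only one
 * value when two sources share a parameter name, so one of them would never be
 * inspected. Nested arrays (parameters like name[]=...) are walked so that each
 * leaf value is collected.
 *
 * @param array $ArrSources List of request arrays, e.g. [$_POST, $_GET].
 * @return array Flat, numerically indexed list of all leaf values.
 */
function FunCollectValues($ArrSources)
{
    $ArrValues = [];
    foreach ($ArrSources as $ArrSource) {
        if (!is_array($ArrSource)) {
            continue;
        }
        array_walk_recursive($ArrSource, function ($leaf) use (&$ArrValues) {
            $ArrValues[] = $leaf;
        });
    }

    return $ArrValues;
}

// Collect the values of $_POST and $_GET. The $HTTP_POST_VARS / $HTTP_GET_VARS
// arrays used originally were removed in PHP 5.4, and function_exists() needs the
// function name as a string, so the superglobals are read directly instead.
// NOTE(review): parameter names, cookies and request headers are not covered by
// this list; confirm whether the application passes any of them into SQL.
$ArrPostAndGet = FunCollectValues([$_POST, $_GET]);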
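// Verification: stop the request as soon as one collected value matches the filter list.
foreach ($ArrPostAndGet as $key => $value) {
    if (!FunStringExist($value, $ArrFiltrate)) {
        continue;
    }

    // Record the rejection for monitoring. The offending value is deliberately
    // not written to the log or echoed back, since it is attacker-controlled.
    error_log('Input filter rejected a request parameter');

    // NOTE(review): the published listing echoes an empty string in both branches
    // (its client-side markup appears to have been lost), so the response is
    // produced server-side here instead.
    if (!empty($StrGoUrl) && !headers_sent()) {
        // Configured error page: redirect there.
        header('Location: ' . $StrGoUrl, true, 302);
    } else {
        // No error page configured: answer with a generic client-error response.
        if (!headers_sent()) {
            http_response_code(400);
        }
        echo 'Invalid request parameter.';
    }

    // Never continue into code that would build SQL from the rejected input.
    exit;
}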
?>