Home > Backend Development > PHP Tutorial > Easy-to-understand PHP anti-injection code_PHP tutorial

Easy-to-understand PHP anti-injection code_PHP tutorial

WBOY
Release: 2016-07-21 15:39:23
Original
935 people have browsed it

Let’s introduce two methods. First, please save the following code as safe.php in the root directory of the website, and then add include(“/safe.php“); in front of each php file:

php anti-injection code method one:

Copy code The code is as follows:

//Illegal characters to be filtered
$ArrFiltrate=array(”'”,”;”,”union”);
//The url to be redirected after an error occurs, if not filled in, the previous page will be defaulted
$StrGoUrl=””;
//Whether there is a value in the array
function FunStringExist($StrFiltrate,$ArrFiltrate){
foreach ($ArrFiltrate as $key=>$value){
if (eregi($value,$StrFiltrate)){
return true;
}
}
return false;
}
//Merge $_POST and $_GET
if(function_exists(array_merge)){
$ArrPostAndGet=array_merge($HTTP_POST_VARS,$HTTP_GET_VARS);
}else{
foreach($HTTP_POST_VARS as $key=>$value){
$ArrPostAndGet[]=$value;
}
foreach($HTTP_GET_VARS as $key=>$value){
$ArrPostAndGet[]=$value;
}
}
//Verification starts
foreach($ArrPostAndGet as $key=>$value){
if (FunStringExist($value,$ArrFiltrate)){
echo “";
if (emptyempty($StrGoUrl)){
echo "”;
}else{
echo “ ";
}
exit;
}
}
?>

php anti-injection code method two:
Copy code The code is as follows:

/* Filter all GET variables*/
foreach ($_GET as $get_key=> ;$get_var)
{
if (is_numeric($get_var)) {
$get[strtolower($get_key)] = get_int($get_var);
} else {
$get [strtolower($get_key)] = get_str($get_var);
}
}
/* Filter all POST variables*/
foreach ($_POST as $post_key=>$post_var )
{
if (is_numeric($post_var)) {
$post[strtolower($post_key)] = get_int($post_var);
} else {
$post[strtolower( $post_key)] = get_str($post_var);
}
}
/* Filter function*/
//Integer filter function
function get_int($number)
{
return intval($number);
}
//String filter function
function get_str($string)
{
if (!get_magic_quotes_gpc()) {
return addslashes($string);
}
return $string;
}

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/321597.htmlTechArticleIntroduce two methods. First, please save the following code as safe.php and place it in the root directory of the website, and then Just add include("/safe.php"); before each php file: PHP anti-injection code method 1...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template