PHP implements a general method to prevent sql injection

function inject_check($sql_str) {
 return eregi('select|insert|and|or|update|delete|'|/*|*|../|./|union|into|load_file|outfile' , $sql_str);
}
function verify_id($id=null) {
 if(!$id) {
 exit('No parameters submitted!');
 } elseif(inject_check($id)) {
 exit( 'The submitted parameter is illegal! ');
 } elseif(!is_numeric($id)) {
 exit('The submitted parameter is illegal!');
 }
 $id = intval($id);

 return $id ;
}
function str_check( $str ) {
 if(!get_magic_quotes_gpc()) {
 $str = addslashes($str); // Filter
 }
 $str = str_replace("_", "_", $str);
 $str = str_replace("%", "%", $str);

 return $str;
}
function post_check($post) {
 if(!get_magic_quotes_gpc()) {
 $post = addslashes($post);
 }
 $post = str_replace("_", "_", $post);
 $post = str_replace("%", "%", $post);
 $post = nl2br ($post);
 $post = htmlspecialchars($post);

 return $post;
}

PHP, sql