PHP code example to prevent sql injection

WBOY
Release: 2016-07-25 08:55:24
Original
1179 people have browsed it
  1. Function inject_check($sql_str) {
  2. return eregi('select|insert|and|or|update|delete|'|/*|*|../|./|union|into|load_file|outfile', $sql_str);
  3. }
  4. if (inject_check($_SERVER['QUERY_STRING'])==1 or inject_check(file_get_contents("php://input"))==1){
  5. //echo "警告 非法访问!";
  6. header("Location: Error.php");
  7. }
复制代码

例2,批量过滤post,get敏感数据

  1. $_GET = stripslashes_array($_GET);

  2. $_POST = stripslashes_array($_POST);

  3. //数据过滤函数

  4. function stripslashes_array(&$array) {
  5. while(list($key,$var) = each($array)) {
  6. if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) {
  7. if (is_string($var)) {
  8. $array[$key] = stripslashes($var);
  9. } // bbs.it-home.org
  10. if (is_array($var)) {
  11. $array[$key] = stripslashes_array($var);
  12. }
  13. }
  14. }
  15. return $array;
  16. }

复制代码

例3,替换HTML尾标签、为过滤服务。

  1. //防止sql注入
  2. function lib_replace_end_tag($str)
  3. {
  4. if (empty($str)) return false;
  5. $str = htmlspecialchars($str);
  6. $str = str_replace( '/', "", $str);
  7. $str = str_replace("\", "", $str);
  8. $str = str_replace(">", "", $str);
  9. $str = str_replace("<", "", $str);
  10. $str = str_replace("<SCRIPT>", "", $str);</li> <li> $str = str_replace("</SCRIPT>", "", $str);
  11. $str = str_replace("<script>", "", $str);</li> <li> $str = str_replace("</script>", "", $str);
  12. $str=str_replace("select","select",$str);
  13. $str=str_replace("join","join",$str);
  14. $str=str_replace("union","union",$str);
  15. $str=str_replace("where","where",$str);
  16. $str=str_replace("insert","insert",$str);
  17. $str=str_replace("delete","delete",$str);
  18. $str=str_replace("update","update",$str);
  19. $str=str_replace("like","like",$str);
  20. $str=str_replace("drop","drop",$str);
  21. $str=str_replace("create","create",$str);
  22. $str=str_replace("modify","modify",$str);
  23. $str=str_replace("rename","rename",$str);
  24. $str=str_replace("alter","alter",$str);
  25. $str=str_replace("cas","cast",$str);
  26. $str=str_replace("&","&",$str);
  27. $str=str_replace(">",">",$str);
  28. $str=str_replace("<","<",$str);
  29. $str=str_replace(" ",chr(32),$str);
  30. $str=str_replace(" ",chr(9),$str);
  31. $str=str_replace(" ",chr(9),$str);
  32. $str=str_replace("&",chr(34),$str);
  33. $str=str_replace("'",chr(39),$str);
  34. $str=str_replace("
    ",chr(13),$str);
  35. $str=str_replace("''","'",$str);
  36. $str=str_replace("css","'",$str);
  37. $str=str_replace("CSS","'",$str);
  38. return $str;
  39. }
复制代码

>>> 您可能感兴趣的文章: php防止SQL注入的方法分享 防止sql注入与跨站攻击的代码分享(初级实用型) php防sql注入函数mysql_real_escape_string解析 php防范sql注入的一些代码收集 php防止sql注入的方法解析 php 防注入的一段代码(过滤参数) 简明易懂的php sql防注入代码 php防止sql注入的代码 php实现sql防止注入的几种方法 一个不错的php通用防注入程序 php防止SQL注入的函数



source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template