Community Learn Tools Library Leisure
search
English
Home > Backend Development > PHP Tutorial > body text

Several ways to prevent SQL injection in PHP

WBOY
Release: 2016-07-25 09:03:42
Original
967 people have browsed it
  2. /**
  3. * Prevent sql injection
  4. * @author: test@jbxue.com
  5. **/
  6. /**
  7. * reject sql inject
  8. */
  9. if (!function_exists (quote))
  10. {
  11. function quote($var)
  12. {
  13. if (strlen($var))
  14. {
  15. $var=!get_magic_quotes_gpc() ? $var : stripslashes($var);
  16. $var = str_replace("'","'",$var);
  17. }
  18. return "'$var'";
  19. }
  20. }
  21. if (!function_exists (hash_num)){
  22. function hash_num($input)
  23. {
  24. $hash = 5381;
  25. for ($i = 0; $i < strlen($str); $i++)
  26. {
  27. $c = ord($str{$i});
  28. $hash = (($hash << 5) + $hash) + $c;
  29. }
  30. return $hash;
  31. }
  32. }
  33. ?>
复制代码

测试:

  2. /**
  3. * 防sql测试代码
  4. CREATE TABLE IF NOT EXISTS `tb` (
  5. `id` int(10) unsigned NOT NULL auto_increment,
  6. `age` tinyint(3) unsigned NOT NULL,
  7. `name` char(100) NOT NULL,
  8. `note` text NOT NULL,
  9. PRIMARY KEY (`id`)
  10. ) ENGINE=MyISAM DEFAULT CHARSET=utf8 ;
  11. **/
  12. include_once('common.php');
  13. var_dump(hash_num('dddd'));
  14. if(empty($_GET))
  15. {
  16. $_GET = array('age'=>'99','name'=>'a'b\'c";','note'=>"a'b'nC#");
  17. }
  18. $age = (int)$_GET['age'];
  19. $name = quote($_GET['name']);
  20. $note = quote($_GET['note']);
  21. $sql = "INSERT INTO `tb` ( `age`, `name`, `note`) VALUES
  22. ( $age, $name, $note)";
  23. var_dump($sql);
  24. ?>
复制代码

#-------------------- 方法二:

  3. $magic_quotes_gpc = get_magic_quotes_gpc();

  4. @extract(daddslashes($_COOKIE));
  5. @extract(daddslashes($_POST));
  6. @extract(daddslashes($_GET));
  7. if(!$magic_quotes_gpc) {
  8. $_FILES = daddslashes($_FILES);
  9. }

  10. function daddslashes($string, $force = 0) {

  11. if(!$GLOBALS['magic_quotes_gpc'] || $force) {
  12. if(is_array($string)) {
  13. foreach($string as $key => $val) {
  14. $string[$key] = daddslashes($val, $force);
  15. }
  16. } else {
  17. $string = addslashes($string);
  18. }
  19. }
  20. return $string;
  21. }
  22. ?>

复制代码

方法三:

  3. function inject_check($sql_str) { //防止注入
  4. $check = eregi('select|insert|update|delete|'|/*|*|../|./|union|into|load_file|outfile', $sql_str);
  5. if ($check) {
  6. echo "输入非法注入内容!";
  7. exit ();
  8. } else {
  9. return $sql_str;
  10. }
  11. }
  12. function checkurl() { //检查来路
  13. if (preg_replace("/https教程?://([^:/]+).*/i", "1", $_server['http_referer']) !== preg_replace("/([^:]+).*/", "1", $_server['http_host'])) {
  14. header("location: http://s.jbxue.com");
  15. exit();
  16. }
  17. }
  18. //调用
  19. checkurl();
  20. $str = $_get['url'];
  21. inject_check($sql_str);//这条可以在获取参数时执行操作
复制代码


Related labels:
php实现sql防止注入的几种方法
source:php.cn
Previous article:Blank page problem occurs when fastcgi_param runs php under nginx Next article:Solution to the problem that nginx+php-fpm page displays blank
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
function_exists() cannot determine the custom function Function test () {return true;} if (function_exists ('test')) {echo "test is function...
From 2024-04-29 11:01:01
0
2
1979
How to display the mobile version of Google Chrome Hello teacher, how can I change Google Chrome into a mobile version?
From 2024-04-23 00:22:19
0
10
2143
The child window operates the parent window, but the output does not respond. The first two sentences are executable, but the last sentence cannot be implemented.
From 2024-04-19 15:37:47
0
1
1805
There is no output in the parent window document.onclick = function(){ window.opener.document.write('I am the output of the child ...
From 2024-04-18 23:52:34
0
1
1703
Where is the courseware about CSS mind mapping? Courseware
From 2024-04-16 10:10:18
0
0
1714
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template