Discuz's PHP function for preventing SQL injection
Recently I was working on a topic voting website, and the client knew some programming. There was a special requirement to filter some characters to prevent SQL injection. I had not done any special research in this area before. Haha, once again carrying forward "use-ism": get the SQL anti-injection function from the Discuz forum!
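The code is as follows:

    // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() in PHP 8.0,
    // so this code targets the older PHP versions Discuz ran on.
    $magic_quotes_gpc = get_magic_quotes_gpc();
    // Escape the request data, then import it as local variables.
    // extract() on request data can overwrite variables that are already defined.
    @extract(daddslashes($_POST));
    @extract(daddslashes($_GET));
    if(!$magic_quotes_gpc) {
        $_FILES = daddslashes($_FILES);
    }

    // Recursively apply addslashes() to a string or a (nested) array,
    // unless magic_quotes_gpc has already escaped the input and $force is not set.
    function daddslashes($string, $force = 0) {
        if(!$GLOBALS['magic_quotes_gpc'] || $force) {
            if(is_array($string)) {
                foreach($string as $key => $val) {
                    $string[$key] = daddslashes($val, $force);
                }
            } else {
                $string = addslashes($string);
            }
        }
        return $string;
    }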
The following code can be added to strengthen the protection of the server. Functions that guard against SQL injection are very important in PHP!
The code is as follows:

    /*
    Function name: inject_check()
    Purpose: Detect whether the submitted value contains SQL injection characters, prevent injection, and protect server security
    Parameter: $sql_str: Submitted variable
    Return value: Detection result, true or false
    */
    function inject_check($sql_str) {
        // eregi() was removed in PHP 7; preg_match() with the /i flag is the case-insensitive equivalent
        return (bool) preg_match('/select|insert|and|or|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i', $sql_str); // Filter
    }

    /*
    Function name: verify_id()
    Purpose: Verify whether the submitted ID value is legal
    Parameter: $id: Submitted ID value
    Return value: The processed ID
    */
    function verify_id($id = null) {
        if (!$id) { exit('No parameters submitted!'); } // Check whether it is empty
        elseif (inject_check($id)) { exit('The submitted parameters are illegal!'); } // Injection check
        elseif (!is_numeric($id)) { exit('The submitted parameters are illegal!'); } // Numeric check
        $id = intval($id); // Convert to integer
        return $id;
    }

    /*
    Function name: str_check()
    Purpose: Filter the submitted string
    Parameter: $str: String to be processed
    Return value: The filtered string
    */
    function str_check($str) {
        if (!get_magic_quotes_gpc()) { // Determine whether magic_quotes_gpc is turned on
            $str = addslashes($str); // Filter
        }
        $str = str_replace("_", "\_", $str); // Escape '_' (LIKE wildcard)
        $str = str_replace("%", "\%", $str); // Escape '%' (LIKE wildcard)
        return $str;
    }

    /*
    Function name: post_check()
    Purpose: Process the submitted editing content
    Parameter: $post: Content to be submitted
    Return value: $post: The filtered content
    */
    function post_check($post) {
        if (!get_magic_quotes_gpc()) { // Determine whether magic_quotes_gpc is turned on
            $post = addslashes($post); // Filter the submitted data when magic_quotes_gpc is not turned on
        }
        $post = str_replace("_", "\_", $post); // Escape '_' (LIKE wildcard)
        $post = str_replace("%", "\%", $post); // Escape '%' (LIKE wildcard)
        // HTML-escape first, then convert newlines; the other order would escape the <br /> tags nl2br() inserts
        $post = htmlspecialchars($post); // Convert HTML tags
        $post = nl2br($post); // Convert newlines
        return $post;
    }
The above introduces Discuz's PHP function for preventing SQL injection and the related content. I hope it will be helpful to friends who are interested in PHP tutorials.
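
For comparison, the ID lookup and string search that verify_id() and str_check() prepare input for, done with bound parameters instead of addslashes() and keyword filtering. This is an added example, not Discuz code or part of the original article; it assumes PHP 7.4+ with the pdo_sqlite extension, and the table, column and function names are hypothetical.

```php
<?php
// Added example, not Discuz code. Table, column and function names are hypothetical.
// Assumes the pdo_sqlite extension; an in-memory database keeps it runnable offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE topics (id INTEGER PRIMARY KEY, title TEXT)');

// Constructed sample rows: ordinary titles containing a quote, keywords and a wildcard.
$titles = ["O'Reilly and friends", 'Portland meetup', '50% off', '50 cents'];
$insert = $pdo->prepare('INSERT INTO topics (title) VALUES (:title)');
foreach ($titles as $title) {
    $insert->execute([':title' => $title]); // bound as data, no addslashes() needed
}

// ID lookup: validate the type, then bind the value instead of splicing it into SQL.
function find_topic(PDO $pdo, $id): ?array {
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // not a positive integer: rejected before any query runs
    }
    $stmt = $pdo->prepare('SELECT id, title FROM topics WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// LIKE search: escape the wildcards _ and % (the goal of str_check()) and declare
// the escape character in the query itself. '!' is used because a backslash
// inside a quoted SQL string is read differently by different databases.
function search_titles(PDO $pdo, string $term): array {
    $escaped = str_replace(['!', '_', '%'], ['!!', '!_', '!%'], $term);
    $stmt = $pdo->prepare("SELECT title FROM topics WHERE title LIKE :pat ESCAPE '!'");
    $stmt->execute([':pat' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// For contrast: values that an abridged keyword blacklist in the style of inject_check() refuses.
function blacklist_hits(array $values): array {
    $pattern = '/select|insert|and|or|update|delete|\'|union|into|load_file|outfile/i';
    return array_values(array_filter($values, fn($v) => preg_match($pattern, $v) === 1));
}

var_dump(find_topic($pdo, '1'));       // title comes back with its apostrophe intact
var_dump(find_topic($pdo, '12abc'));   // fails integer validation
var_dump(search_titles($pdo, '50%'));  // '%' is matched literally, not as a wildcard
var_dump(blacklist_hits($titles));     // legitimate titles the blacklist rejects
```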

