The example in this article describes how to simply implement SQL injection prevention in PHP. Share it with everyone for your reference, the details are as follows:
There is not much filtering here, mainly for the combination of php and mysql.
For general injection prevention, just use PHP’s addslashes function.
The following is a copied code:
PHP code:
$_POST = sql_injection($_POST); $_GET = sql_injection($_GET); function sql_injection($content) { if (!get_magic_quotes_gpc()) { if (is_array($content)) { foreach ($content as $key=>$value) { $content[$key] = addslashes($value); } } else { addslashes($content); } } return $content; }
If you are building a system, you can use the following code, which is also copied.
PHP code:
function inject_check($sql_str) { return eregi('select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile', $sql_str); // 进行过滤 } function verify_id($id=null) { if (!$id) { exit('没有提交参数!'); } // 是否为空判断 elseif (inject_check($id)) { exit('提交的参数非法!'); } // 注射判断 elseif (!is_numeric($id)) { exit('提交的参数非法!'); } // 数字判断 $id = intval($id); // 整型化 return $id; } function str_check( $str ) { if (!get_magic_quotes_gpc()) { // 判断magic_quotes_gpc是否打开 $str = addslashes($str); // 进行过滤 } $str = str_replace("_", "\_", $str); // 把 '_'过滤掉 $str = str_replace("%", "\%", $str); // 把 '%'过滤掉 return $str; } function post_check($post) { if (!get_magic_quotes_gpc()) { // 判断magic_quotes_gpc是否为打开 $post = addslashes($post); // 进行magic_quotes_gpc没有打开的情况对提交数据的过滤 } $post = str_replace("_", "\_", $post); // 把 '_'过滤掉 $post = str_replace("%", "\%", $post); // 把 '%'过滤掉 $post = nl2br($post); // 回车转换 $post = htmlspecialchars($post); // html标记转换 return $post; }
Readers who are interested in more PHP-related content can check out the special topics of this site: "php programming security tutorial", "php security filtering skills summary", "PHP operations and operator usage summary" ", "Summary of PHP network programming skills", "Introduction tutorial on PHP basic syntax", "Summary of PHP office document skills (including word, excel, access, ppt)", "Introduction tutorial on PHP object-oriented programming", "php characters "Summary of String Usage", "Introduction Tutorial on PHP+MySQL Database Operation" and "Summary of Common PHP Database Operation Skills"
I hope this article will be helpful to everyone in PHP programming.
The above introduces how to simply implement SQL injection prevention in PHP, including SQL and PHP content. I hope it will be helpful to friends who are interested in PHP tutorials.