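For general injection prevention, the approach shown here uses PHP's addslashes function. Note that addslashes does not know the database connection's character set and does not protect values placed in a query outside a quoted string literal, so parameterized queries (PDO or mysqli prepared statements) are the dependable defence; treat the helpers below as legacy code.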
// Run every GET and POST value through sql_injection() once, before any other code reads them.
// Only these two superglobals are rewritten here; $_COOKIE, $_REQUEST and $_SERVER keep their raw values.
// Because the superglobals themselves are overwritten, later code that uses the values outside SQL
// (display, e-mail, logging) sees the backslash-escaped form as well.
$_GET = sql_injection($_GET);
$_POST = sql_injection($_POST);
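/**
 * Function name: sql_injection()
 * Function: Backslash-escape a request value, or every value in a request array, with addslashes()
 * Parameters: $content: A single value or a (possibly nested) array of values
 * Return value: The escaped value or array; returned untouched when magic_quotes_gpc already escaped it
 *
 * Security note: addslashes() does not know the database connection's character set and
 * gives no protection to values placed in a query outside a quoted string literal.
 * Prefer parameterized queries (PDO / mysqli prepared statements) and keep this helper
 * for legacy code paths only.
 */
function sql_injection($content)
{
    // get_magic_quotes_gpc() was removed in PHP 8.0, so probe for it before calling.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return $content;
    }

    if (is_array($content)) {
        foreach ($content as $key => $value) {
            // Recurse so nested arrays (name[]=... form fields) are escaped element by element
            // instead of being handed to addslashes() as an array.
            $content[$key] = sql_injection($value);
        }
        return $content;
    }

    // addslashes() returns the escaped copy and leaves its argument alone,
    // so the result has to be returned rather than discarded.
    return addslashes((string) $content);
}

/**
 * Function name: inject_check()
 * Function: Detect whether the submitted value contains SQL injection characters, prevent injection, and protect server security
 * Parameters: $sql_str: Submitted variable
 * Return value: Return the test result, true or false
 *
 * A keyword blacklist is a coarse tripwire only: it rejects legitimate text that
 * happens to contain these words and is not a replacement for parameterized queries.
 */
function inject_check($sql_str)
{
    // Arrays and objects cannot be pattern-matched; report them as illegal input.
    if (is_array($sql_str) || is_object($sql_str)) {
        return true;
    }

    // eregi() was removed in PHP 7.0; preg_match() with the "i" flag is the case-insensitive equivalent.
    // NOTE(review): the listing's pattern appears to have lost its backslashes, so the
    // metacharacters '*' and '.' are escaped here to match them literally - confirm against the original.
    $pattern = '~select|insert|update|delete|\'|/\*|\*|\.\./|\./|union|into|load_file|outfile~i';

    return preg_match($pattern, (string) $sql_str) === 1; // Filtering
}

/**
 * Function name: verify_id()
 * Function: Verify whether the submitted ID value is legal
 * Parameters: $id: Submitted ID value
 * Return value: Return the processed ID
 */
function verify_id($id = null)
{
    // Judgment of whether it is null or not; note that 0 and "0" are also treated as missing.
    if (!$id) {
        exit('No parameters submitted!');
    }

    // Injection judgment
    if (inject_check($id)) {
        exit('The submitted parameters are illegal!');
    }

    // Numerical judgment
    if (!is_numeric($id)) {
        exit('The submitted parameters are illegal!');
    }

    // NOTE(review): the listing stops after the numeric check; the integer cast and return
    // are reconstructed from the "Return the processed ID" contract. is_numeric() also accepts
    // forms such as "1.5" or "1e3", so the cast guarantees callers receive a plain integer.
    return (int) $id;
}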
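/**
 * Function name: str_check()
 * Function: Escape a submitted string with addslashes() and backslash-escape the '_' and '%' characters
 * Parameters: $str: Submitted string
 * Return value: Return the escaped string
 *
 * Security note: this is string escaping, not query parameterization; addslashes() is not
 * aware of the database connection's character set. Prefer prepared statements.
 */
function str_check($str)
{
    // Determine whether magic_quotes_gpc is open (the function no longer exists from PHP 8.0).
    if (!(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())) {
        $str = addslashes($str); // Filtering
    }

    // Replacing '_' or '%' with itself changes nothing; prefix a backslash instead.
    // NOTE(review): presumably meant for values used in a LIKE pattern, and assumes the
    // backslash is the LIKE escape character of the target database - confirm.
    $str = str_replace('_', '\\_', $str); // Filter out '_'
    $str = str_replace('%', '\\%', $str); // Filter out '%'

    return $str;
}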
/**
* Function name: post_check()
* Function: Process the submitted editing content
* Parameters: $post: Content to be submitted
* Return value: $post: Return filtered content
*/ function post_check($post) {
if (!get_magic_quotes_gpc()) { // Judgment Whether magic_quotes_gpc is open or not
$post = addslashes($post); // Filter the submitted data if magic_quotes_gpc is not open }
} $post = str_replace("_ ", "_", $post); // Filter the '_'
$ Post = Str_replace ("%", "%", $ Post); // Filter the '%'
$ post = nl2br ($ Post); // Enter the car Conversion