
PHP prevents SQL injection

巴扎黑
Release: 2016-11-22 15:43:59

For general injection prevention, just use PHP’s addslashes function.

Php code

$_POST = sql_injection($_POST);
$_GET  = sql_injection($_GET);

// Escape every submitted value with addslashes() when magic_quotes_gpc is off.
// Arrays such as $_POST are walked one level deep; nested arrays are not recursed into.
function sql_injection($content) {
    // get_magic_quotes_gpc() always returns false from PHP 7.4 and was removed in PHP 8.0,
    // so the call is guarded to keep the function runnable on current PHP
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        if (is_array($content)) {
            foreach ($content as $key => $value) {
                $content[$key] = addslashes($value);
            }
        } else {
            $content = addslashes($content);
        }
    }
    return $content;
}

Php code

/**
 * Function name: inject_check()
 * Function: Detect whether the submitted value contains SQL injection characters, prevent injection, and protect server security
 * Parameters: $sql_str: Submitted variable
 * Return value: Return the test result, true or false
 */
function inject_check($sql_str) {
    // eregi() was removed in PHP 7; preg_match() with the i flag is the equivalent.
    // Note that a keyword blacklist like this also rejects legitimate text that happens to
    // contain a word such as "into" or "union", and quoting is still required separately.
    return preg_match('#select|insert|update|delete|\'|/\*|\*|\.\./|\./|union|into|load_file|outfile#i', $sql_str) === 1; // Filtering
}

/**
 * Function name: verify_id()
 * Function: Verify whether the submitted ID value is legal
 * Parameters: $id: Submitted ID value
 * Return value: Return the processed ID
 */
function verify_id($id = null) {
    if (!$id) { exit('No parameters submitted!'); }                                  // Judgment of whether it is null or not (note: the string "0" is also rejected here)
    elseif (inject_check($id)) { exit('The submitted parameters are illegal!'); }    // Injection judgment
    elseif (!is_numeric($id)) { exit('The submitted parameters are illegal!'); }     // Numerical judgment
    $id = intval($id); // is_numeric() also accepts "1.5" and "1e3"; reduce the value to the integer ID
    return $id;
}

// Escape a submitted string for use inside an SQL LIKE pattern: addslashes() handles the quotes,
// the two str_replace() calls escape the LIKE wildcards so they match literally.
function str_check($str) {
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) { // Determine whether magic_quotes_gpc is open
        $str = addslashes($str); // Filtering
    }
    $str = str_replace("_", "\_", $str); // Escape '_' (single-character LIKE wildcard)
    $str = str_replace("%", "\%", $str); // Escape '%' (multi-character LIKE wildcard)
    return $str;
}

Php code

/**
 * Function name: post_check()
 * Function: Process the submitted editing content
 * Parameters: $post: Content to be submitted
 * Return value: $post: Return filtered content
 */
function post_check($post) {
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) { // Judge whether magic_quotes_gpc is open
        $post = addslashes($post); // Filter the submitted data if magic_quotes_gpc is not open
    }
    $post = str_replace("_", "\_", $post); // Escape '_'
    $post = str_replace("%", "\%", $post); // Escape '%'
    $post = nl2br($post); // Carriage return conversion: line breaks become <br />
    return $post;
}
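The functions above do three things: validate that an ID is numeric, quote string data with addslashes(), and escape the LIKE wildcards `_` and `%`. The following is an added example, not code from the article or from php.cn, that performs the same three controls with PDO prepared statements, so the database driver rather than addslashes() keeps data separate from the SQL text and no keyword blacklist is needed. The table and column names (users, id, username), the in-memory SQLite database and the sample rows are assumptions constructed for the demo so it runs offline.

```php
<?php
// Added example (not from the original article). Assumed schema: users(id, username).
declare(strict_types=1);

// Equivalent of the article's verify_id(): accept only a positive integer, refuse anything else.
function verify_id(?string $id): int
{
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        throw new InvalidArgumentException('The submitted parameter is illegal!');
    }
    return $n;
}

// Equivalent of the article's str_check(): escape the LIKE metacharacters so a user-supplied
// string matches literally. The escape character itself is doubled first, and the query
// declares it with an ESCAPE clause so nothing depends on driver defaults.
function escape_like(string $str, string $escape = '\\'): string
{
    return str_replace(
        [$escape, '_', '%'],
        [$escape . $escape, $escape . '_', $escape . '%'],
        $str
    );
}

function find_user_by_id(PDO $db, ?string $rawId): ?array
{
    $id = verify_id($rawId);
    // The value is bound as a parameter; it is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, username FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function search_users(PDO $db, string $needle): array
{
    // The wildcards are added by the code; any wildcard typed by the user is escaped.
    $pattern = '%' . escape_like($needle) . '%';
    $stmt = $db->prepare(
        "SELECT id, username FROM users WHERE username LIKE :pat ESCAPE '\\'"
    );
    $stmt->bindValue(':pat', $pattern, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data for the demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (username) VALUES (:u)');
foreach (["alice", "bob_smith", "o'brien", "100%_real"] as $u) {
    $ins->execute([':u' => $u]);
}

var_dump(find_user_by_id($db, '3'));        // o'brien: the quote in the stored name is plain data
var_dump(search_users($db, '_'));           // only bob_smith and 100%_real, not every name
var_dump(search_users($db, '%'));           // only 100%_real
var_dump(search_users($db, "o'br"));        // o'brien: no addslashes() needed for the quote

try {
    find_user_by_id($db, '1 OR 1=1');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;         // The submitted parameter is illegal!
}
```

Run it with `php example.php` (the pdo_sqlite extension must be enabled). Without escape_like(), a search for `_` would match every user, which is the same problem the article's str_check() addresses. On MySQL the backslash is also the escape character of string literals, so either write the clause as `ESCAPE '\\\\'` in the PHP source or pass a different escape character such as `!` to escape_like() and to the ESCAPE clause.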

Source: php.cn