php sql anti-injection program code-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

php sql anti-injection program code

怪我咯

Jul 12, 2017 pm 03:18 PM

php code program

SQL injection attacks refer to constructing special inputs and passing them into web applications as parameters. Most of these inputs are some combinations of SQL syntax. The main reason for this is to execute SQL statements and then perform the operations desired by the attacker. The program did not carefully filter the data entered by the user, causing illegal data to invade the system.

According to relevant technical principles, SQL injection can be divided into platform layer injection and code layer injection. The former is caused by insecure database configuration or database platform vulnerabilities; the latter is mainly caused by programmers not carefully filtering the input, thereby executing illegal data queries. Based on this, the causes of SQL injection usually manifest in the following aspects: ① Improper type processing; ② Unsafe database configuration; ③ Unreasonable query set processing; ④ Improper error handling; ⑤ Transfer Improper handling of semantic characters; ⑥ Improper handling of multiple submissions.

This article mainly introduces a general anti-injection code. The code is as follows:

function jk1986_checksql() 
{ 
$bad_str = "and|select|update|&#39;|delete|insert|*"; 
$bad_Array = explode("|",$bad_str); 
/** 过滤Get参数 **/ 
foreach ($bad_Array as $bad_a) 
{ 
foreach ($_GET as $g) 
{ 
if (substr_count(strtolower($g),$bad_a) > 0) 
{ 
echo "<script>alert(&#39;诡异字符,请不要尝试注入本站! 作者:Jk1986 QQ:414028660&#39;);location.href=&#39;index.php&#39;;</script>"; 
exit(); 
} 
} 
} 

/** 过滤Post参数 **/ 

foreach ($bad_Array as $bad_a) 
{ 
foreach ($_POST as $p) 
{ 
if (substr_count(strtolower($p),$bad_a) > 0) 
{ 
echo "<script>alert(&#39;诡异字符,请不要尝试注入本站! 作者:Jk1986 QQ:414028660&#39;);location.href=&#39;index.php&#39;;</script>"; 
exit(); 
} 
} 
} 

/** 过滤Cookies参数 **/ 

foreach ($bad_Array as $bad_a) 
{ 
foreach ($_COOKIE as $co) 
{ 
if (substr_count(strtolower($co),$bad_a) > 0) 
{ 
echo "<script>alert(&#39;诡异字符,请不要尝试注入本站! 作者:Jk1986 QQ:414028660&#39;);location.href=&#39;index.php&#39;;</script>"; 
exit(); 
} 
} 
} 
}

Copy after login

The above is the detailed content of php sql anti-injection program code. For more information, please follow other related articles on the PHP Chinese website!

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

2 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hello Kitty Island Adventure: How To Get Giant Seeds

1 months ago By 尊渡假赌尊渡假赌尊渡假赌

How Long Does It Take To Beat Split Fiction?

4 weeks ago By DDD

R.E.P.O. Save File Location: Where Is It & How to Protect It?

4 weeks ago By DDD

Two Point Museum: All Exhibits And Where To Find Them

1 months ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7375

Java Tutorial

1628

CakePHP Tutorial

1355

Laravel Tutorial

1267

PHP Tutorial

1216

Related knowledge

CakePHP Project Configuration Sep 10, 2024 pm 05:25 PM

In this chapter, we will understand the Environment Variables, General Configuration, Database Configuration and Email Configuration in CakePHP.

PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian Dec 24, 2024 pm 04:42 PM

PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati

CakePHP Date and Time Sep 10, 2024 pm 05:27 PM

To work with date and time in cakephp4, we are going to make use of the available FrozenTime class.

CakePHP File upload Sep 10, 2024 pm 05:27 PM

To work on file upload we are going to use the form helper. Here, is an example for file upload.

CakePHP Routing Sep 10, 2024 pm 05:25 PM

In this chapter, we are going to learn the following topics related to routing ?

Discuss CakePHP Sep 10, 2024 pm 05:28 PM

CakePHP is an open-source framework for PHP. It is intended to make developing, deploying and maintaining applications much easier. CakePHP is based on a MVC-like architecture that is both powerful and easy to grasp. Models, Views, and Controllers gu

CakePHP Creating Validators Sep 10, 2024 pm 05:26 PM

Validator can be created by adding the following two lines in the controller.

How To Set Up Visual Studio Code (VS Code) for PHP Development Dec 20, 2024 am 11:31 AM

Visual Studio Code, also known as VS Code, is a free source code editor — or integrated development environment (IDE) — available for all major operating systems. With a large collection of extensions for many programming languages, VS Code can be c

See all articles