Input value/form submission parameter filtering to prevent SQL injection or illegal attacks:
Copy code The code is as follows:
/ **
* Keywords for filtering sql and php file operations
* @param string $string
* @return string
* @author zyb
*/
private function filter_keyword( $string ) {
$keyword = 'select|insert|update|delete|'|/*|*|../|./|union|into |load_file|outfile';
$arr = explode( '|', $keyword );
$result = str_ireplace( $arr, '', $string );
return $result;
}
/**
* Check whether the entered number is legal, return the corresponding id if it is legal, otherwise return false
* @param integer $id
* @return mixed
* @author zyb
*/
protected function check_id( $id ) {
$result = false;
if ( $id !== '' && !is_null( $id ) ) {
$var = $this->filter_keyword( $id ); // Keywords for filtering sql and php file operations
if ( $var !== '' && !is_null( $ var ) && is_numeric( $var ) ) {
$result = intval( $var );
}
}
return $result;
}
/**
* Check whether the entered characters are legal, return the corresponding id if legal, otherwise return false
* @param string $string
* @return mixed
* @author zyb
*/
protected function check_str( $string ) {
$result = false;
$var = $this->filter_keyword( $string ); // Filter sql and php file operations Keywords
if ( !empty( $var ) ) {
if ( !get_magic_quotes_gpc() ) { // Determine whether magic_quotes_gpc is turned on
$var = addslashes( $string ); // Perform magic_quotes_gpc not Filtering of submitted data when open
}
//$var = str_replace( "_", "_", $var ); // Filter out '_'
$var = str_replace( "%", "%", $var ); // Filter out '%'
$var = nl2br( $var ); // Enter conversion
$var = htmlspecialchars( $var ); / /html tag conversion
$result = $var;
}
return $result;
}
http://www.bkjia.com/PHPjc/621659.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/621659.htmlTechArticleInput value/form submission parameter filtering to prevent SQL injection or illegal attacks: Copy the code as follows: /* * * Keywords for filtering sql and php file operations * @param string $string * @r...
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
