Home > Backend Development > PHP Tutorial > Example of filtering paging parameters in PHP to prevent sql injection, sql paging_PHP tutorial

Example of filtering paging parameters in PHP to prevent sql injection, sql paging_PHP tutorial

WBOY
Release: 2016-07-13 10:15:27
Original
1036 people have browsed it

PHP filter paging parameter example to prevent sql injection, sql paging

The example in this article describes the method of filtering paging parameters in PHP to prevent SQL injection. Share it with everyone for your reference. The specific analysis is as follows:

As far as network security is concerned, do not trust any input information on the Internet. We must perform parameter filtering for any input information. In this regard, let’s first take a look at the following example:

Copy code The code is as follows:
$this->load->library ( 'pagination' );
$config ['base_url'] = site_url () . '/guest/show';
$config ['total_rows'] = $c;
$config ['per_page'] = $pernum = 15;
$config ['uri_segment'] = 3;
$config ['use_page_numbers'] = TRUE;
$config ['first_link'] = 'First page';
$config ['last_link'] = 'Last page';
$config ['num_links'] = 5;
$this->pagination->initialize ( $config );
if (! $this->uri->segment ( 3 )) {
$currentnum = 0;
} else {
$currentnum = is_numeric($this->uri->segment ( 3 ))?(intval($this->uri->segment ( 3 ) - 1)) * $pernum:0;
}

$current_page=is_numeric($this->uri->segment ( 3 ))?intval($this->uri->segment ( 3 )):1;
if($current_page){
$data ['title'] = 'Page '.$current_page.'-Guestbook-Anti-SQL injection test';
}
else{
$data ['title'] = 'Guestbook-Anti-SQL injection test';
}

$data ['liuyan'] = $this->ly->getLy ( $pernum, $currentnum );

Among them:

Copy code The code is as follows:
$current_page=is_numeric($this->uri->segment (3))?intval ($this->uri->segment ( 3 )):1;
$currentnum = is_numeric($this->uri->segment ( 3 ))?(intval($this->uri->segment ( 3 ) - 1)) * $pernum;

These two sentences determine whether the parameter is a number. Prevent illegal character input.

I hope this article will be helpful to everyone’s PHP programming design.

php filter sql injection, newbie

I wrote a code to prevent SQL injection in PHP4 environment. After actual use, it is also compatible under PHP5. Everyone is welcome to modify and use it.
The code is as follows:
/*
sqlin anti-injection class
*/
class sqlin
{

//dowith_sql($ value)
function dowith_sql($str)
{
$str = str_replace("and","",$str);
$str = str_replace("execute","",$ str);
$str = str_replace("update","",$str);
$str = str_replace("count","",$str);
$str = str_replace(" chr","",$str);
$str = str_replace("mid","",$str);
$str = str_replace("master","",$str);
$str = str_replace("truncate","",$str);
$str = str_replace("char","",$str);
$str = str_replace("declare","" ,$str);
$str = str_replace("select","",$str);
$str = str_replace("create","",$str);
$str = str_replace ("delete","",$str);
$str = str_replace("insert","",$str);
$str = str_replace("'","",$str);
$str = str_replace(""","",$str);
$str = str_replace(" ","",$str);
$str = str_replace("or"," ",$str);
$str = str_replace("=","",$str);
$str = str_replace("%20","",$str);
// echo $str;
return $str;
}
//aticle() Anti-SQL injection function
function sqlin()
{
foreach ($_GET as $key=> ;$value)
{
$_GE...the rest of the text>>

PHP SQL injection prevention problem

Basically, I use the two methods htmlspecialchars() and mysql_escape_string() to process the obtained parameters. .

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/904932.htmlTechArticleAn example of filtering paging parameters in php to prevent sql injection, sql paging. This article describes the filtering paging parameters in php to prevent sql injection. method. Share it with everyone for your reference. The specific analysis is as follows:...
Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template