Home > Backend Development > PHP Tutorial > SQL injection character detection function_PHP tutorial

SQL injection character detection function_PHP tutorial

WBOY
Release: 2016-07-13 17:10:11
Original
1099 people have browsed it

I wrote a sql injection detection function that can effectively detect user posts and filter the obtained references. Friends in need can refer to it.

The code is as follows
 代码如下 复制代码

/*sql 注入 字符的检测
* 在所有用户输入的数据,post传参, get传参 都需要检测下
* 如果有匹配到关键字 则 返回该关键字 否则返回false
* 这个和敏感字符的检测不是一样的
*/
function Filter_SQL($strData)
{
$strFilter=$blnFlag=$arrayFilter='';

$strFilter="'|and|(|)|exec|insert|select|delete|update|count|*|%27|chr|mid|master|truncate|char|declare|union|or"; //需要过滤的字符,可以自己添,"|"是分隔符
$blnFlag=false; //过滤标志,如果产生过滤,那么就是真

$arr=explode("|",$strFilter);
$str="";

foreach($arr as $row)
{
$str.=preg_quote($row)."|";
}

$str=trim($str,"|");

if(preg_match('/'.$str.'/i',$strData,$word))
{
return $word[0];
}

return false;
}

/*
测试
$string="fasdf union ";
echo Filter_SQL($string);
*/

?>

Copy code
/*SQL injection character detection
* All user-entered data, post parameters, and get parameters need to be detected
* If a keyword is matched, return the keyword, otherwise return false
* This is not the same as the detection of sensitive characters
*/
function Filter_SQL($strData)
{
$strFilter=$blnFlag=$arrayFilter='';

$strFilter="'|and|(|)|exec|insert|select|delete|update|count|*|%27|chr|mid|master|truncate|char|declare|union|or"; / /You can add the characters that need to be filtered by yourself, "|" is the separator
$blnFlag=false; //Filter flag, if filtering occurs, then it is true

$arr=explode("|",$strFilter);
$str="";

foreach($arr as $row)
{
$str.=preg_quote($row)."|";
}

$str=trim($str,"|");

if(preg_match('/'.$str.'/i',$strData,$word))
{
return $word[0];
}

return false;
}

?> http://www.bkjia.com/PHPjc/629696.html
www.bkjia.com
truehttp: //www.bkjia.com/PHPjc/629696.htmlTechArticleA sql injection detection function written by myself, which can effectively detect user posts and filter the references obtained. Friends in need can refer to it. The code is as follows Copy the code ?php /*sql injection...
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template