PHP code example to prevent SQL injection

WBOY
Release: 2016-07-25 08:55:24
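    // Returns 1 when the string contains a blacklisted SQL keyword or character sequence
    function inject_check($sql_str) {
        // eregi() was removed in PHP 7; preg_match() with the i flag is the case-insensitive equivalent
        return preg_match('/select|insert|and|or|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i', $sql_str);
    }
    if (inject_check($_SERVER['QUERY_STRING']) == 1 or inject_check(file_get_contents("php://input")) == 1) {
        //echo "Warning: illegal access!";
        header("Location: Error.php");
        exit; // stop here so the rest of the script does not run after the redirect
    }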

Example 2: batch-filter sensitive POST and GET data

    $_GET = stripslashes_array($_GET);
    $_POST = stripslashes_array($_POST);

    // Data filter function: strips backslash escaping from every string value, recursing into nested arrays.
    // stripslashes() only removes backslashes; it does not make a value safe to place in SQL.
    function stripslashes_array(&$array) {
        // each() was removed in PHP 8; foreach visits the same key/value pairs
        foreach ($array as $key => $var) {
            if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) {
                if (is_string($var)) {
                    $array[$key] = stripslashes($var);
                }
                if (is_array($var)) {
                    $array[$key] = stripslashes_array($var);
                }
            }
        }
        return $array;
    }


Example 3: replace HTML end tags, in support of filtering.

    // Prevent SQL injection
    function lib_replace_end_tag($str)
    {
        if (empty($str)) return false;
        $str = htmlspecialchars($str);
        $str = str_replace('/', "", $str);
        $str = str_replace("\\", "", $str); // a single backslash must be written as "\\"
        $str = str_replace(">", "", $str);
        $str = str_replace("<", "", $str);
        $str = str_replace("", "", $str);
        $str = str_replace("", "", $str);
        // As printed, search and replacement are identical in most of the keyword calls below,
        // so those calls leave $str unchanged.
        $str = str_replace("select", "select", $str);
        $str = str_replace("join", "join", $str);
        $str = str_replace("union", "union", $str);
        $str = str_replace("where", "where", $str);
        $str = str_replace("insert", "insert", $str);
        $str = str_replace("delete", "delete", $str);
        $str = str_replace("update", "update", $str);
        $str = str_replace("like", "like", $str);
        $str = str_replace("drop", "drop", $str);
        $str = str_replace("create", "create", $str);
        $str = str_replace("modify", "modify", $str);
        $str = str_replace("rename", "rename", $str);
        $str = str_replace("alter", "alter", $str);
        $str = str_replace("cas", "cast", $str);
        $str = str_replace("&", "&", $str);
        $str = str_replace(">", ">", $str);
        $str = str_replace("<", "<", $str);
        $str = str_replace(" ", chr(32), $str);
        $str = str_replace(" ", chr(9), $str);
        $str = str_replace(" ", chr(9), $str);
        $str = str_replace("&", chr(34), $str);
        $str = str_replace("'", chr(39), $str);
        $str = str_replace("\n", chr(13), $str);
        $str = str_replace("''", "'", $str);
        $str = str_replace("css", "'", $str);
        $str = str_replace("CSS", "'", $str);
        return $str;
    }
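
The keyword filter in the first example rejects ordinary input that happens to contain a listed word or a quote. As an added example (not code from the original article), the following runs that filter next to a PDO bound-parameter query on constructed sample inputs; it assumes the pdo_sqlite extension, and the users table and find_user() helper are hypothetical.

```php
<?php
// Added example, not from the original article. Table, column and helper names are constructed.

// The keyword filter from the first example, expressed with preg_match().
function inject_check($sql_str) {
    return preg_match('/select|insert|and|or|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i', $sql_str);
}

// Assumption: pdo_sqlite is available; an in-memory database keeps the example offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('Anderson'), ('O''Brien'), ('Li')");

// Bound parameter: the value is sent as data and never becomes part of the SQL text.
function find_user(PDO $pdo, $name) {
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample inputs: two ordinary names and one string that tries to break out of a quoted value.
$inputs = ['Anderson', "O'Brien", "x' OR '1'='1"];
foreach ($inputs as $input) {
    // The filter flags all three, including the legitimate names ("Anderson" contains "and").
    $verdict = inject_check($input) === 1 ? 'blocked' : 'allowed';
    // The bound query matches the two real names and treats the third input as a plain string.
    $rows = count(find_user($pdo, $input));
    printf("%-16s filter: %-8s bound query rows: %d\n", $input, $verdict, $rows);
}
```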




source:php.cn