Very useful PHP filtering function code to prevent SQL injection vulnerabilities
Release: 2016-07-25 09:03:42
Original
1230 people have browsed it
-
- //PHP whole site anti-injection program, you need to require_once this file in the public file
- //Judge the status of magic_quotes_gpc
- if (@get_magic_quotes_gpc ()) {
- $_GET = sec ( $_GET );
- $_POST = sec ( $_POST );
- $_COOKIE = sec ( $_COOKIE );
- $_FILES = sec ( $_FILES );
- }
- $_SERVER = sec ( $_SERVER );
- function sec(&$ array) {
- //If it is an array, traverse the array and call recursively
- if (is_array ( $array )) {
- foreach ( $array as $k => $v ) {
- $array [$k] = sec ( $v );
- }
- } else if (is_string ( $array )) {
- //Use addslashes function to process
- $array = addslashes ( $array );
- } else if (is_numeric ( $array )) {
- $ array = intval ( $array );
- }
- return $array;
- }
- //Integer filter function
- function num_check($id) {
- if (! $id) {
- die ( 'Parameter cannot be empty!' );
- } //Judgment of whether it is empty
- else if (inject_check ( $id )) {
- die ( 'illegal parameter' );
- } // Judgment of injection
- else if (! is_numetic ( $id )) {
- die ('Illegal parameter');
- }
- //Number judgment
- $id = intval ($id);
- //Integerization
- return $id;
- }
- //Character filter function
- function str_check($str ) {
- if (inject_check ( $str )) {
- die ( 'illegal parameter' );
- }
- //Injection judgment
- $str = htmlspecialchars ( $str );
- //Convert html
- return $str;
- }
- function search_check($str) {
- $str = str_replace ( "_", "_", $str );
- //Filter out "_"
- $str = str_replace ( "%", "%", $ str );
- //Filter out "%"
- $str = htmlspecialchars ( $str );
- //Convert html
- return $str;
- }
- //Form filter function
- function post_check($str, $min, $max) {
- if (isset ( $min ) && strlen ( $str ) < $min) {
- die ( 'minimum $min bytes' );
- } else if (isset ( $max ) && strlen ( $ str ) > $max) {
- die ( 'Up to $max bytes' );
- }
- return stripslashes_array ( $str );
- }
- //Anti-injection function
- function inject_check($sql_str) {
- return eregi ( 'select|inert|update|delete|'|/*|*|../|./|UNION|into|load_file|outfile', $sql_str );
- // Filter and prevent injection
- }
- function stripslashes_array( &$array) {
- if (is_array ( $array )) {
- foreach ( $array as $k => $v ) {
- $array [$k] = stripslashes_array ( $v );
- }
- } else if (is_string ( $array )) {
- $array = stripslashes ( $array );
- }
- return $array;
- }
- ?>
Copy code
|
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
-
2024-10-22 09:46:29
-
2024-10-13 13:53:41
-
2024-10-12 12:15:51
-
2024-10-11 22:47:31
-
2024-10-11 19:36:51
-
2024-10-11 15:50:41
-
2024-10-11 15:07:41
-
2024-10-11 14:21:21
-
2024-10-11 12:59:11
-
2024-10-11 12:17:31