Home > Backend Development > PHP Tutorial > A simple way to prevent SQL injection in PHP. How to prevent SQL injection in PHP. PHP SQL query. PHP connects SQL data.

A simple way to prevent SQL injection in PHP. How to prevent SQL injection in PHP. PHP SQL query. PHP connects SQL data.

WBOY
Release: 2016-07-29 08:52:28
Original
1052 people have browsed it

The example in this article describes how to simply implement SQL injection prevention in PHP. Share it with everyone for your reference, the details are as follows:

There is not much filtering here, mainly for the combination of php and mysql.

For general injection prevention, just use PHP’s addslashes function.

The following is a copied code:

PHP code:

$_POST = sql_injection($_POST);
$_GET = sql_injection($_GET);
function sql_injection($content)
{
if (!get_magic_quotes_gpc()) {
if (is_array($content)) {
foreach ($content as $key=>$value) {
$content[$key] = addslashes($value);
}
} else {
addslashes($content);
}
}
return $content;
}

Copy after login

If you are building a system, you can use the following code, which is also copied.

PHP code:

function inject_check($sql_str) {
 return eregi('select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile', $sql_str);  // 进行过滤
}
function verify_id($id=null) {
 if (!$id) { exit('没有提交参数!'); }  // 是否为空判断
 elseif (inject_check($id)) { exit('提交的参数非法!'); }  // 注射判断
 elseif (!is_numeric($id)) { exit('提交的参数非法!'); }  // 数字判断
 $id = intval($id);  // 整型化
 return $id;
}
function str_check( $str ) {
 if (!get_magic_quotes_gpc()) {  // 判断magic_quotes_gpc是否打开
  $str = addslashes($str);  // 进行过滤
 }
 $str = str_replace("_", "\_", $str);  // 把 '_'过滤掉
 $str = str_replace("%", "\%", $str);  // 把 '%'过滤掉
 return $str;
}
function post_check($post) {
 if (!get_magic_quotes_gpc()) {  // 判断magic_quotes_gpc是否为打开
  $post = addslashes($post);  // 进行magic_quotes_gpc没有打开的情况对提交数据的过滤
 }
 $post = str_replace("_", "\_", $post);  // 把 '_'过滤掉
 $post = str_replace("%", "\%", $post);  // 把 '%'过滤掉
 $post = nl2br($post);  // 回车转换
 $post = htmlspecialchars($post);  // html标记转换
 return $post;
}

Copy after login

Readers who are interested in more PHP-related content can check out the special topics of this site: "php programming security tutorial", "php security filtering skills summary", "PHP operations and operator usage summary" ", "Summary of PHP network programming skills", "Introduction tutorial on PHP basic syntax", "Summary of PHP office document skills (including word, excel, access, ppt)", "Introduction tutorial on PHP object-oriented programming", "php characters "Summary of String Usage", "Introduction Tutorial on PHP+MySQL Database Operation" and "Summary of Common PHP Database Operation Skills"

I hope this article will be helpful to everyone in PHP programming.

The above introduces how to simply implement SQL injection prevention in PHP, including SQL and PHP content. I hope it will be helpful to friends who are interested in PHP tutorials.

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template