PHP prevents SQL injection

For general injection prevention, just use PHP’s addslashes function.

Php code

$_POST = sql_injection($_POST);

$_GET = sql_injection($_GET);

function sql_injection($content) {​

if (!get_magic_quotes_gpc()) {

if (is_array($content)) {

foreach ($content as $key=>$value) {

$content[$key] = addslashes($value);

                                                                                      S addslashes ($ Content);

}}}

Return $ Content; eregi('select|insert|update|delete|'|/*|*|../|./|union|into|load_file|outfile', $sql_str); // Filtering

}

Php code

/**

* Function name: inject_check()

* Function function: Detect whether the submitted value contains SQL injection characters, prevent injection, and protect server security

* Parameters: $sql_str: Submitted variable

* Return value ：Return the test result, true or false

*/

function verify_id($id=null) {

if (!$id) { exit('No parameters submitted!'); } // Judgment of whether it is null or not

elseif (inject_check($id)) { exit('The submitted parameters are illegal!'); } // Injection judgment            

elseif (!is_numeric($id)) { exit('The submitted parameters are illegal!'); } // Numerical judgment                                                                                                                                                                                                         

/**

* Function name: verify_id()

* Function: Verify whether the submitted ID value is legal

* Parameters: $id: Submitted ID value

* Return value: Return the processed ID

*/

function str_check ( $str ) {

if (!get_magic_quotes_gpc()) { // Determine whether magic_quotes_gpc is open

$str = addslashes($str); // Filtering

}

$str = str_replace("_", "_", $str); // Filter out '_'

$str = str_replace("%", "%", $str); // Filter out '% 'Filter out

return $str;

}

Php code

/**

* Function name: post_check()

* Function: Process the submitted editing content

* Parameters: $post: Content to be submitted

* Return value: $post: Return filtered content

*/ function post_check($post) {​

​ if (!get_magic_quotes_gpc()) { ​ // Judgment Whether magic_quotes_gpc is open or not

$post = addslashes($post); // Filter the submitted data if magic_quotes_gpc is not open }

} $post = str_replace("_ ", "_", $post); // Filter the '_'

$ Post = Str_replace ("%", "%", $ Post); // Filter the '%'

$ post = nl2br ($ Post); // Enter the car Conversion