
Detailed explanation of practical PHP anti-injection code examples

伊谢尔伦 (Original)
2017-06-29 13:15:32

This article mainly introduces simple and practical examples of PHP anti-injection classes. It uses two simple anti-injection classes as examples to introduce the principles and techniques of PHP anti-injection. It is of great practical value for website security work, and readers who need it can refer to it.

This article describes a simple and practical PHP anti-injection class with examples, shared here for your reference. The details are as follows:

For PHP anti-injection, note that the input to be filtered is basically GET and POST data, and that on the SQL side the concern is our commonly used SQL commands such as query, insert, and so on. Below I will give you two simple examples. I hope these examples can bring security to your website.

PHP anti-injection code is as follows:

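    <?php
    // The opening of this listing (class declaration and the start of the
    // $_GET loop) is missing from the page. The class name and constructor
    // below are placeholders; the $_GET loop mirrors the $_POST loop.
    class ParamFilter
    {
        public $get = array();
        public $post = array();

        public function __construct()
        {
            if (!empty($_GET)) {
                foreach ($_GET as $key => $val) {
                    if (is_numeric($val)) {
                        $this->get[$key] = $this->getInt($val);
                    } else {
                        $this->get[$key] = $this->getStr($val);
                    }
                }
            }
            if (!empty($_POST)) {
                foreach ($_POST as $key => $val) {
                    if (is_numeric($val)) {
                        $this->post[$key] = $this->getInt($val);
                    } else {
                        $this->post[$key] = $this->getStr($val);
                    }
                }
            }
        }

        // Cast a numeric value to an integer.
        public function getInt($number)
        {
            return intval($number);
        }

        // Escape quotes with addslashes() unless magic quotes already did so.
        // get_magic_quotes_gpc() was removed in PHP 8, hence the guard.
        public function getStr($string)
        {
            if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
                $string = addslashes($string);
            }
            return $string;
        }

        // Return true if the string contains a blacklisted keyword or sequence.
        // eregi() was removed in PHP 7; preg_match() with /i replaces it, and
        // the metacharacters in the pattern are escaped.
        public function checkInject($string)
        {
            return preg_match('#select|insert|update|delete|/\*|\*|\.\./|\./|union|into|load_file|outfile#i', $string) === 1;
        }

        // Return the id as an integer, or false if it is empty, blacklisted or not numeric.
        public function verifyId($id = null)
        {
            if (!$id || $this->checkInject($id) || !is_numeric($id)) {
                $id = false;
            } else {
                $id = intval($id);
            }
            return $id;
        }
    }
    ?>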


Example 2, the code is as follows:

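    <?php
    // The opening of this listing is missing from the page: the blacklist array
    // $ArrFiltrate, the redirect URL $StrGoUrl and the head of FunStringExist().
    // The two assignments below are placeholders, not the author's values.
    $ArrFiltrate = array(); // blacklist entries (not present on this page)
    $StrGoUrl = '';         // redirect target on a match; empty means go back one page

    // Return true if $StrFiltrate contains any entry of $ArrFiltrate.
    function FunStringExist($StrFiltrate, $ArrFiltrate)
    {
        foreach ($ArrFiltrate as $key => $value) {
            // eregi() was removed in PHP 7; stripos() does a literal,
            // case-insensitive match instead.
            if (stripos($StrFiltrate, $value) !== false) {
                return true;
            }
        }
        return false;
    }

    // Merge $_POST and $_GET ($HTTP_POST_VARS and $HTTP_GET_VARS were removed in PHP 5.4).
    // array_values() keeps a GET parameter from overwriting a POST parameter
    // of the same name, which would leave the POST value unchecked.
    if (function_exists('array_merge')) {
        $ArrPostAndGet = array_merge(array_values($_POST), array_values($_GET));
    } else {
        foreach ($_POST as $key => $value) {
            $ArrPostAndGet[] = $value;
        }
        foreach ($_GET as $key => $value) {
            $ArrPostAndGet[] = $value;
        }
    }

    // Start validation
    foreach ($ArrPostAndGet as $key => $value) {
        if (FunStringExist($value, $ArrFiltrate)) {
            echo ""; // the content of this string was stripped from the page
            // The <script> tags around the JavaScript were stripped from the page and are restored here.
            if (empty($StrGoUrl)) {
                echo "<script>history.go(-1);</script>";
            } else {
                echo "<script>window.location='" . $StrGoUrl . "';</script>";
            }
            exit;
        }
    }
    /*************** End of PHP anti-injection ***************/
    ?>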
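Both examples above decide whether input is safe by escaping it or by matching it against a keyword blacklist. The following added example (not part of the original article) performs the same two jobs, validating an id and storing free text, with strict integer validation and PDO bound parameters, and runs the keyword list from checkInject() in Example 1 over the same text for comparison. It assumes the pdo_sqlite extension; the comments table and all function names are hypothetical.

```php
<?php
// Added example, not from the original article. Assumes the pdo_sqlite
// extension; the comments table and all function names are hypothetical.

// Same keyword list as checkInject() in Example 1, kept only for comparison.
function blacklistHit(string $s): bool
{
    $re = '#select|insert|update|delete|/\*|\*|\.\./|\./|union|into|load_file|outfile#i';
    return preg_match($re, $s) === 1;
}

// Accept an id only if it is a positive integer; no keyword scan needed.
function validId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Placeholders keep the values out of the SQL text, so quotes and SQL
// keywords inside them are stored as plain data.
function addComment(PDO $pdo, string $author, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function getComment(PDO $pdo, $rawId): ?array
{
    $id = validId($rawId);
    if ($id === null) {
        return null; // refuse before any query is built
    }
    $stmt = $pdo->prepare('SELECT author, body FROM comments WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');
// Constructed sample input: ordinary text that contains blacklisted words.
$body = 'Please update my address; I will select a new plan (2*3 months).';
var_dump(blacklistHit($body));                    // does the blacklist flag it?
$id = addComment($pdo, "O'Brien", $body);
var_dump(getComment($pdo, (string) $id));         // row as stored
var_dump(getComment($pdo, '1abc'));               // malformed id
```

The keyword list flags the legitimate comment because it contains "update", "select" and "*", while the bound-parameter insert stores the same text and the quoted name unchanged without any escaping step.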

