Recently, while working on a topic polling site, the customer, who knew something about programming, had a specific requirement to filter certain characters to prevent SQL injection. I had not studied this area in particular, so, following the borrow-what-works doctrine, I took the SQL anti-injection function from the Discuz forum.
The code is as follows:
// Note: get_magic_quotes_gpc() always returns false from PHP 5.4 and was removed in PHP 8.
$magic_quotes_gpc = get_magic_quotes_gpc();
@extract(daddslashes($_COOKIE));
@extract(daddslashes($_POST));
@extract(daddslashes($_GET));
if (!$magic_quotes_gpc) {
    $_FILES = daddslashes($_FILES);
}

// Recursively addslashes() a value (or every element of an array) unless
// magic_quotes_gpc already did it; $force applies the escaping regardless.
function daddslashes($string, $force = 0) {
    if (!$GLOBALS['magic_quotes_gpc'] || $force) {
        if (is_array($string)) {
            foreach ($string as $key => $val) {
                $string[$key] = daddslashes($val, $force);
            }
        } else {
            $string = addslashes($string);
        }
    }
    return $string;
}
You can add the following code to further protect the server; a function that prevents SQL injection in PHP is very important!
The code is as follows:
/*
Function name: inject_check()
Function: Detects whether the submitted value contains characters or keywords used in SQL injection, to prevent injection and secure the server
Parameter: $sql_str: the submitted variable
Return value: the test result, true or false
*/
function inject_check($sql_str) {
    // eregi() was removed in PHP 7; preg_match() with the /i modifier is the case-insensitive equivalent
    return preg_match('/select|insert|and|or|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i', $sql_str) === 1; // filter
}

/*
Function name: verify_id()
Function: Verifies that a submitted ID-type value is legal
Parameter: $id: the submitted ID value
Return value: the processed ID
*/
function verify_id($id = null) {
    if (!$id) { exit('No arguments are submitted!'); }                     // null check
    elseif (inject_check($id)) { exit('argument submitted is illegal!'); } // injection check
    elseif (!is_numeric($id)) { exit('argument submitted is illegal!'); }  // numeric check
    $id = intval($id); // cast to integer
    return $id;
}

/*
Function name: str_check()
Function: Filters a submitted string
Parameter: $str: the string to be processed
Return value: the filtered string
*/
function str_check($str) {
    if (!get_magic_quotes_gpc()) { // check whether magic_quotes_gpc is on
        $str = addslashes($str);   // filter
    }
    $str = str_replace("_", "\_", $str); // escape '_' (LIKE wildcard)
    $str = str_replace("%", "\%", $str); // escape '%' (LIKE wildcard)
    return $str;
}

/*
Function name: post_check()
Function: Processes the edited content of a submission
Parameter: $post: the submitted content
Return value: $post: the filtered content
*/
function post_check($post) {
    if (!get_magic_quotes_gpc()) { // check whether magic_quotes_gpc is on
        $post = addslashes($post); // filter the submitted data when magic_quotes_gpc is off
    }
    $post = str_replace("_", "\_", $post); // escape '_' (LIKE wildcard)
    $post = str_replace("%", "\%", $post); // escape '%' (LIKE wildcard)
    $post = nl2br($post);                  // convert line breaks
    $post = htmlspecialchars($post);       // convert HTML markup
    return $post;
}
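The functions above rely on keyword blacklisting and addslashes()-style escaping, which rejects legitimate text containing "and" or "or" and still leaves the database parsing user input as part of the SQL string. The following is an added example, not code from the original post or from Discuz, showing the same two intents (an integer ID check like verify_id() and LIKE-wildcard escaping like str_check()) with the query itself sent as a PDO prepared statement; the DSN, credentials and the topics/id/title names are assumptions for illustration.

```php
<?php
// Added example (assumed DSN, credentials and schema), not from the original post.

function fetch_topic(PDO $db, $id)
{
    // Same intent as verify_id(): accept only a positive integer.
    if (!is_numeric($id) || intval($id) <= 0) {
        exit('argument submitted is illegal!');
    }
    // The value is bound as a parameter, so it is never spliced into the SQL text.
    $stmt = $db->prepare('SELECT id, title FROM topics WHERE id = :id');
    $stmt->bindValue(':id', intval($id), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

function search_topics(PDO $db, $keyword)
{
    // Same intent as str_check(): '_' and '%' are LIKE wildcards, so escape them
    // (escaping the backslash first so a user-supplied '\' cannot undo it).
    // Quoting is handled by the prepared statement, so addslashes() is not needed.
    $escaped = str_replace(['\\', '_', '%'], ['\\\\', '\_', '\%'], $keyword);
    $stmt = $db->prepare(
        "SELECT id, title FROM topics WHERE title LIKE :pattern ESCAPE '\\\\'"
    );
    $stmt->bindValue(':pattern', '%' . $escaped . '%', PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Assumed connection settings; charset in the DSN so escaping matches the connection.
$db = new PDO('mysql:host=localhost;dbname=poll;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // use real server-side prepares
]);

var_dump(fetch_topic($db, $_GET['id'] ?? ''));
var_dump(search_topics($db, $_GET['q'] ?? ''));
```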