Filtering input values and form-submission parameters is a common attempt to block SQL injection and similar attacks, and the methods below are worth studying. Be aware, however, that keyword blacklisting of this kind is easy to bypass and mangles legitimate input (e.g. "Selection" loses its "select"); it can only supplement, never replace, parameterised queries (prepared statements) and context-specific output escaping.
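// Input value / form-submission parameter filtering to prevent SQL injection or other
// malicious input. SECURITY REVIEW NOTE: keyword stripping is a blacklist and is NOT a
// defence against SQL injection on its own — it mangles legitimate input ("Selection"
// becomes "ion") and is bypassed by anything the list does not anticipate. Bind every
// query parameter via PDO/mysqli prepared statements; treat these helpers only as
// defence-in-depth normalisation for callers that already depend on their output format.

/**
 * Strip SQL and PHP file-operation keywords from a value (case-insensitive).
 *
 * str_ireplace() is applied repeatedly until the value stops changing, so nested
 * payloads such as "selSELECTect" (which a single pass reduces to "select") cannot
 * survive. Each pass only removes characters, so the loop always terminates.
 *
 * @param  string $string raw value; non-string input is handled exactly as str_ireplace()
 *                        handles it (scalars are converted, arrays processed element-wise)
 * @return string the value with every listed keyword removed
 * @author zyb <zyb_icanplay@163.com>
 */
private function Filter_keyword($string)
{
    // Keyword list reconstructed from the (garbled) original listing — confirm against the
    // upstream file. Order matters only in that "/*" is removed before the bare "*" entry.
    $keyword = 'select|insert|update|delete|\'|/*|*|../|./|union|into|load_file|outfile';
    $arr = explode('|', $keyword);

    $result = $string;
    do {
        $previous = $result;
        $result = str_ireplace($arr, '', $result);
    } while ($result !== $previous);

    return $result;
}

/**
 * Validate a numeric identifier.
 *
 * Accepts only a plain, optionally signed, decimal integer (surrounding whitespace is
 * tolerated by FILTER_VALIDATE_INT). Floats, exponent notation ("1e3"), hex, and values
 * with stray characters are rejected. The original stripped keywords first and then
 * accepted anything is_numeric(): "1select" became 1 and "1.9" became 1 — a tampered id
 * was silently "repaired" instead of refused.
 *
 * @param  mixed $id value as received (request string or an int)
 * @return int|false the id as an int, or false when the value is not a valid integer
 * @author zyb <zyb_icanplay@163.com>
 */
protected function check_id($id)
{
    // Arrays/objects and the empty string can never be a valid id.
    if (!is_scalar($id) || $id === '') {
        return false;
    }

    // Returns the int on success and false for any non-integer literal.
    return filter_var($id, FILTER_VALIDATE_INT);
}

/**
 * Normalise a free-text request value before it is stored or echoed.
 *
 * Pipeline: keyword stripping, addslashes(), htmlspecialchars(), nl2br(). Returns false
 * for non-scalar input and for a value that is empty after keyword stripping.
 *
 * Fixes relative to the original:
 *  - addslashes() was applied to the raw $string, silently discarding the filtered
 *    value; it now operates on $var.
 *  - get_magic_quotes_gpc() is gone: the function was removed in PHP 8.0 (fatal error),
 *    and magic quotes themselves were removed in 5.4, so the "not enabled" branch was
 *    always taken on any supported PHP anyway.
 *  - nl2br() ran before htmlspecialchars(), which then encoded the inserted <br /> tags
 *    to literal "&lt;br /&gt;"; the order is now escape-then-nl2br so line breaks survive.
 *  - str_replace('%', '%', ...) was a no-op and is dropped. If LIKE-wildcard escaping
 *    ("\%", "\_") was intended, do it in the query layer with an explicit ESCAPE clause.
 *  - empty() rejected the legitimate value "0"; only '' is rejected now.
 *  - htmlspecialchars() flags/charset are explicit so output is identical across PHP
 *    versions (ENT_QUOTES|ENT_SUBSTITUTE|UTF-8 is the 8.1+ default; older releases
 *    left single quotes unencoded and returned '' on invalid UTF-8).
 *
 * Security review: addslashes() is NOT a substitute for prepared statements (it is
 * charset-unaware and covers no context other than a single-quoted MySQL literal), and
 * HTML-encoding at input time bakes presentation into whatever is stored. Bind SQL
 * parameters and escape at output time instead.
 *
 * @param  mixed $string value as received
 * @return string|false the processed string, or false when nothing usable remains
 * @author zyb <ZYB_ICANPLAY@163.COM>
 */
protected function Check_str($string)
{
    if (!is_scalar($string)) {
        return false;
    }

    $var = $this->filter_keyword((string) $string);
    if ($var === '') {
        return false;
    }

    $var = addslashes($var);
    $var = htmlspecialchars($var, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $var = nl2br($var);

    return $var;
}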