Filtering input values and form submission parameters: an effective method to prevent SQL injection

Source: Internet
Author: User

Filtering input values and form submission parameters can effectively prevent SQL injection and other illegal attacks. Here are some useful methods that are worth a look.

Filtering input values and form submission parameters to prevent SQL injection or illegal attacks. The code is as follows (these are methods of a class):

/**
 * Keyword filter
 * Filter SQL and PHP file operation keywords
 * @param string $string
 * @return string
 * @author zyb <zyb_icanplay@163.com>
 */
private function filter_keyword($string) {
    // The single quote must be escaped inside a single-quoted PHP string
    $keyword = 'select|insert|update|delete|\'|/*|*|../|./|union|into|load_file|outfile';
    $arr = explode('|', $keyword);
    // Case-insensitive removal of every listed keyword (single pass)
    $result = str_ireplace($arr, '', $string);
    return $result;
}

/**
 * Check whether the entered number is legal; return the corresponding ID if it is, otherwise false
 * @param integer $id
 * @return mixed
 * @author zyb <zyb_icanplay@163.com>
 */
protected function check_id($id) {
    $result = false;
    if ($id !== '' && !is_null($id)) {
        $var = $this->filter_keyword($id); // Filter SQL and PHP file operation keywords
        if ($var !== '' && !is_null($var) && is_numeric($var)) {
            $result = intval($var);
        }
    }
    return $result;
}

/**
 * Check whether the entered string is legal; return the filtered string if it is, otherwise false
 * @param string $string
 * @return mixed
 * @author zyb <zyb_icanplay@163.com>
 */
protected function check_str($string) {
    $result = false;
    $var = $this->filter_keyword($string); // Filter SQL and PHP file operation keywords
    if (!empty($var)) {
        // Determine whether magic_quotes_gpc is on; get_magic_quotes_gpc() was
        // removed in PHP 8.0, so it is only called where it still exists
        if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
            $var = addslashes($var); // Escape the filtered data when magic_quotes_gpc is off
        }
        //$var = str_replace("_", "\_", $var); // Filter out '_'
        $var = str_replace("%", "\%", $var); // Filter out '%'
        $var = nl2br($var); // Convert line breaks
        // HTML markup conversion; because this runs after nl2br(), the inserted
        // <br /> tags are escaped as well
        $var = htmlspecialchars($var);
        $result = $var;
    }
    return $result;
}
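The following added example (not from the original page or its author) sets the keyword filter above beside type validation and bound parameters through PDO, and shows what each does to ordinary form input. The in-memory SQLite database, the `comments` table, the `validate_id` helper, the standalone copy of `filter_keyword` and the sample strings are assumptions constructed for illustration.

```php
<?php
// Added example: names, table and sample data are constructed for illustration.

// Standalone copy of the page's keyword filter, for comparison only.
function filter_keyword($string) {
    $keyword = 'select|insert|update|delete|\'|/*|*|../|./|union|into|load_file|outfile';
    return str_ireplace(explode('|', $keyword), '', $string);
}

// Integer validation without keyword stripping: returns the int, or false.
function validate_id($id) {
    return filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
}

// Assumption: PDO with the SQLite driver is available; the database is in memory.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed form input: ordinary text that contains filtered keywords.
$author = "O'Brien";
$body   = 'Please update ./README and select 2*3 items';

// Bound parameters travel separately from the SQL text, so the values
// are stored exactly as submitted and nothing has to be stripped.
$insert = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
$insert->execute([':author' => $author, ':body' => $body]);

// Validate the ID by type, then bind it as an integer.
$id = validate_id('1');
if ($id === false) {
    exit("invalid id\n");
}
$select = $pdo->prepare('SELECT author, body FROM comments WHERE id = :id');
$select->bindValue(':id', $id, PDO::PARAM_INT);
$select->execute();
$row = $select->fetch(PDO::FETCH_ASSOC);

// The keyword filter changes legitimate text; the bound value round-trips intact.
echo 'filtered: ', filter_keyword($body), "\n";
echo 'stored:   ', $row['body'], "\n";
var_dump($row['body'] === $body, validate_id('1e3'), validate_id('12abc'));

// Escape for HTML when rendering, not before storage.
echo htmlspecialchars($row['author'], ENT_QUOTES, 'UTF-8'), "\n";
```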
