Filtering input values and form-submission parameters to block SQL injection and other malicious input. Note that the code below is a keyword blacklist: it strips a fixed list of substrings and escapes quotes, which narrows the attack surface but is not a complete defence on its own. Parameterised queries (prepared statements) remain the reliable fix; treat a filter like this as defence in depth, not as the primary control.
The code is as follows:
<?php
// The three methods are declared private/protected, so they belong to a class; the wrapper
// is added here so the snippet loads as-is.
class InputFilter
{
    /**
     * Filter SQL and PHP file operation keywords
     * @param string $string
     * @return string
     * @author Zyb
     */
    private function filter_keyword($string)
    {
        // The list is split on '|' and handed to str_ireplace as plain substrings, not as a regex,
        // so the entries are written literally (no backslash escaping); matching is case-insensitive
        $keyword = "select|insert|update|delete|'|/*|*|../|./|union|into|load_file|outfile";
        $arr = explode('|', $keyword);
        $result = str_ireplace($arr, '', $string);
        return $result;
    }

    /**
     * Check whether the entered number is legal; return the corresponding ID if it is, otherwise return false
     * @param integer $id
     * @return mixed
     * @author Zyb
     */
    protected function check_id($id)
    {
        $result = false;
        if ($id !== '' && !is_null($id)) {
            $var = $this->filter_keyword($id); // Filter SQL and PHP file-operation keywords
            if ($var !== '' && !is_null($var) && is_numeric($var)) {
                $result = intval($var);
            }
        }
        return $result;
    }

    /**
     * Check whether the entered string is legal; return the escaped string if it is, otherwise return false
     * @param string $string
     * @return mixed
     * @author Zyb
     */
    protected function check_str($string)
    {
        $result = false;
        $var = $this->filter_keyword($string); // Filter SQL and PHP file-operation keywords
        if (!empty($var)) {
            // Escape the submitted data when magic_quotes_gpc is off. get_magic_quotes_gpc() was
            // removed in PHP 8, where magic quotes never apply, so a missing function counts as "off"
            if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
                $var = addslashes($var); // escape the filtered value, not the raw input
            }
            $var = str_replace('_', '\_', $var); // Escape the '_' LIKE wildcard
            $var = str_replace('%', '\%', $var); // Escape the '%' LIKE wildcard
            // Escape HTML markup first, then convert line breaks; doing it the other way round
            // would turn the inserted <br /> tags into literal text
            $var = htmlspecialchars($var);       // HTML markup conversion
            $var = nl2br($var);                  // Carriage return conversion
            $result = $var;
        }
        return $result;
    }
}
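As an added example (not part of the original post), the following script shows why the keyword blacklist above is not sufficient on its own and what the parameterised alternative looks like. It re-implements filter_keyword() as a standalone function, puts a throwaway table in an in-memory SQLite database, and assumes PHP 8 with the pdo_sqlite extension; the users table, its two rows and the payload are constructed for the demo.

```php
<?php
// Added example, not from the original post. Assumes PHP 8 with pdo_sqlite.
// The users table, its two rows and the payload below are constructed for the demo.

// Standalone copy of the blacklist used by filter_keyword() above:
// one case-insensitive str_ireplace pass over a fixed list of substrings.
function filter_keyword(string $string): string
{
    $keywords = ['select', 'insert', 'update', 'delete', "'", '/*', '*',
                 '../', './', 'union', 'into', 'load_file', 'outfile'];
    return str_ireplace($keywords, '', $string);
}

// Vulnerable pattern: filter the value, then concatenate it into the query text.
function find_user_filtered(PDO $db, string $rawId): array
{
    $sql = 'SELECT id, name FROM users WHERE id = ' . filter_keyword($rawId);
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: validate the type, then bind the value as a parameter.
// The value never becomes part of the SQL text, so no keyword list is needed.
function find_user_bound(PDO $db, string $rawId): array
{
    if (!preg_match('/\A[0-9]+\z/', $rawId)) {   // same intent as check_id()
        return [];
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->execute([':id' => (int) $rawId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// A single replacement pass is not a fixpoint: removing the inner "union" from
// "uniunionon" and the inner "select" from "selselectect" leaves the outer
// keywords intact, so the payload survives the filter unchanged in meaning.
$payload = '1 uniunionon selselectect id, name FROM users';
echo filter_keyword($payload), PHP_EOL;

echo 'filtered+concatenated: ', count(find_user_filtered($db, $payload)), ' rows', PHP_EOL;
echo 'validated+bound, payload: ', count(find_user_bound($db, $payload)), ' rows', PHP_EOL;
echo 'validated+bound, id 2: ', count(find_user_bound($db, '2')), ' rows', PHP_EOL;
```

Running it prints the filtered payload as `1 union select id, name FROM users`: the filtered-and-concatenated query therefore becomes a UNION that returns both rows of the table instead of the single row for id 1, while the bound version rejects the payload before any SQL is built (no rows) and still serves the legitimate lookup for id 2 (one row). The general point is that a blacklist applied in a single pass can always be defeated by nesting the forbidden token inside itself, whereas a bound parameter is never parsed as SQL at all.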
Source: http://www.bkjia.com/PHPjc/621659.html