As a developer, always remember one rule: never trust any user input! Many times a site comes under attack because its developers wrote code that was not rigorous, causing unnecessary loss. Here is how to prevent SQL injection.
Here is a function that filters what the user has entered. Call it on the values passed in by POST.
/**
 * Filter parameters
 * @param string $str the accepted parameter
 * @return string
 */
static public function filterWords($str)
{
    $farr = array(
        "/<(\\/?)(script|i?frame|style|html|body|title|link|meta|object|\\?|\\%)([^>]*?)>/isU",
        "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU",
        "/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile|dump/is"
    );
    // Every match of the blacklist patterns above is replaced with an empty string.
    $str = preg_replace($farr, '', $str);
    return $str;
}

/**
 * Filter accepted parameters or arrays, such as $_GET, $_POST
 * @param array|string $arr the accepted parameter or array
 * @return array|string
 */
static public function filterArr($arr)
{
    if (is_array($arr)) {
        foreach ($arr as $k => $v) {
            $arr[$k] = self::filterWords($v);
        }
    } else {
        // The original called filterWords($v) here, but $v is undefined in this branch.
        $arr = self::filterWords($arr);
    }
    return $arr;
}
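An added example, not part of the original post, that applies filterArr() to a constructed request array (standing in for $_POST) and then runs the query with a bound parameter, so the database layer does not depend on the blacklist alone. The class body is copied from the snippet above; the class name Filter and the in-memory SQLite table are assumptions made here.

```php
<?php
// Added example (not from the original post). Assumes the class name Filter
// and an in-memory SQLite database; the filter methods are the ones above.
class Filter
{
    public static function filterWords($str)
    {
        $farr = [
            "/<(\\/?)(script|i?frame|style|html|body|title|link|meta|object|\\?|\\%)([^>]*?)>/isU",
            "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU",
            "/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile|dump/is",
        ];
        return preg_replace($farr, '', $str);
    }
    public static function filterArr($arr)
    {
        if (is_array($arr)) {
            foreach ($arr as $k => $v) {
                $arr[$k] = self::filterWords($v);
            }
            return $arr;
        }
        return self::filterWords($arr);
    }
}

// Constructed sample request standing in for $_POST.
$post = [
    'username' => "alice' OR 1=1 -- ",              // quote-based injection attempt
    'bio'      => '<img src=x onerror=alert(1)>hi', // inline event handler
    'note'     => 'I deleted 3 * 4 items',          // harmless text
];
$clean = Filter::filterArr($post);
foreach ($clean as $field => $value) {
    printf("%-8s => %s\n", $field, $value);
}
// username => alice OR 1=1 --     (only the quote is stripped; the rest survives)
// bio      => hi                  (the whole tag is removed by the second pattern)
// note     => I d 3  4 items      (the blacklist also mangles "deleted" and "*")

// Filtered or not, the value reaches SQL only through a bound parameter.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$pdo->exec("INSERT INTO users (username) VALUES ('alice')");
$stmt = $pdo->prepare('SELECT id FROM users WHERE username = :name');
$stmt->execute([':name' => $clean['username']]);
var_dump($stmt->fetch(PDO::FETCH_ASSOC)); // bool(false): no such username
```

The third line of output shows the cost of a blacklist: ordinary words containing "delete" or a literal "*" are altered along with the attack strings, which is why the query still binds the value instead of interpolating it.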
PHP anti-XSS anti-SQL injection code