Php filters html strings to prevent SQL injection
PHP filtering of HTML strings, often presented as "SQL injection prevention". The functions below process strings before they are written to the database, stripping unwanted characters and HTML tags. Be aware, however, that escaping HTML and rewriting SQL keywords does not prevent SQL injection: keyword lists are bypassed with case variation, comments and encoding, and they silently corrupt legitimate text. The reliable defence is to pass user data to the database through prepared statements with bound parameters (PDO or mysqli). Output encoding with htmlspecialchars() addresses cross-site scripting (XSS), which is a separate problem.
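// Normalise the request arrays only on legacy PHP where magic_quotes_gpc could
// have added backslashes. Magic quotes were removed in PHP 5.4 and the function
// itself no longer exists in PHP 8, so both the version guard and
// function_exists() are needed to avoid a fatal "undefined function" error on
// modern runtimes.
if (PHP_VERSION_ID < 50400 && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_GET  = stripslashes_array($_GET);
    $_POST = stripslashes_array($_POST);
}

/**
 * Recursively remove magic-quotes backslashes from a request array.
 *
 * The keys 'argc' and 'argv' are left untouched, as are all-uppercase string
 * keys (e.g. HTTP_HOST, PHP_SELF) unless the key looks numeric; this mirrors
 * the original filter, which skipped server/environment-style entries.
 *
 * Uses foreach instead of each(), which was deprecated in PHP 7.2 and removed
 * in PHP 8.0, and strict comparisons instead of the original loose ones.
 *
 * @param array $array  Request array; modified in place and also returned so
 *                      both `stripslashes_array($a)` and `$a = stripslashes_array($a)` work.
 * @return array        The array with stripslashes() applied to every eligible
 *                      string value, recursing into nested arrays.
 */
function stripslashes_array(&$array)
{
    foreach ($array as $key => $value) {
        if ($key === 'argc' || $key === 'argv') {
            continue;
        }
        // Skip all-uppercase string keys unless they look numeric. The loose !=
        // is deliberate so that a key such as "012" still counts as numeric,
        // exactly as the original intval() comparison treated it.
        if (is_string($key) && strtoupper($key) === $key && (string) (int) $key != $key) {
            continue;
        }
        if (is_string($value)) {
            $array[$key] = stripslashes($value);
        } elseif (is_array($value)) {
            $array[$key] = stripslashes_array($value);
        }
    }
    return $array;
}

/**
 * HTML-escape a string for safe output and drop a few characters/tokens.
 *
 * This is OUTPUT ENCODING FOR HTML, not SQL injection protection. Rewriting
 * SQL keywords inside user data (the approach of the original version) does
 * not stop injection - attackers bypass keyword lists with case variation,
 * comments and encoding - and it silently corrupts legitimate text such as
 * "cascade" or "selected". Queries must use prepared statements with bound
 * parameters (PDO or mysqli) at the point where the value reaches the database.
 *
 * Steps:
 *   1. htmlspecialchars() with ENT_QUOTES so both ' and " are encoded (the
 *      default flags in PHP < 8.1 leave ' alone), ENT_SUBSTITUTE so invalid
 *      UTF-8 is replaced instead of the whole string becoming empty, and an
 *      explicit UTF-8 charset.
 *   2. Remove '/' and '\' and the token "script", as the original did, but
 *      case-insensitively: the original's case-sensitive str_replace("script")
 *      let "ScRiPt" through. The original's entity-decoding and keyword
 *      rewriting steps are dropped, since they re-introduced the characters
 *      step 1 had just escaped and altered unrelated text.
 *
 * @param string|null $str  Untrusted input.
 * @return string|false     Escaped string, or false for null/empty input.
 *                          The original used empty(), which also rejected the
 *                          legitimate value "0"; that is now returned as "0".
 */
function lib_replace_end_tag($str)
{
    if ($str === null || $str === '') {
        return false;
    }
    $out = htmlspecialchars((string) $str, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // Slashes are stripped after escaping, so entities such as &#039; are unaffected.
    $out = str_replace(array('/', '\\'), '', $out);
    $out = str_ireplace('script', '', $out);
    return $out;
}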
2. Usage example (PHP)
A typical call looks like this: `$xxx = htmlspecialchars($_POST['XXX'], ENT_QUOTES, 'UTF-8');` or `$xxx = htmlspecialchars($_GET['XXX'], ENT_QUOTES, 'UTF-8');`. Pass ENT_QUOTES so single quotes are encoded as well (the default flags in PHP versions before 8.1 leave them untouched), and prefer escaping at output time, in the HTML context, rather than before storage: a value stored already escaped is double-encoded if it is escaped again on display. None of this replaces prepared statements for the database write itself.
The section above filters HTML strings in PHP; on its own it is not SQL-injection protection, and the database access should still use prepared statements. For more information, see the PHP Chinese website (www.php1.cn).