PHP anti-injection function
1. Basic principles of PHP injection
Programmers vary in skill and experience, and a considerable number of them do not check the validity of user-supplied data when they write code, which leaves the application with security risks. A user can submit a piece of database query code and, based on the results the program returns, obtain data they want to know. This is called SQL injection. Affected systems: systems that do not check or filter input parameters.
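// Anti-injection
function inject_check($sql_str) {
    // eregi() was removed in PHP 7; preg_match() with the i modifier is the
    // case-insensitive equivalent. "#" is the delimiter because the pattern contains "/".
    $check = preg_match('#select|insert|update|delete|\'|/\*|\.\./|\./|union|into|load_file|outfile#i', $sql_str); // filter
    if ($check) {
        // A filtered keyword or character was found: print the notice and stop.
        echo "If the water impression network http://www.ruoshuiyx.com prompt: Do not try illegal injection";
        exit();
    } else {
        // Nothing matched: return the string unchanged.
        return $sql_str;
    }
}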
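The keyword filter above matches substrings, so it also rejects ordinary values that happen to contain a listed word or a quote. The following added example (not code from the original page) runs the same keyword list next to a PDO prepared statement, which binds the value as data; it assumes the pdo_sqlite extension, and the `users` table, the sample names and the functions `keyword_filter_rejects` and `find_user` are constructed for illustration.

```php
<?php
// Added example, not from the original page. Assumes the pdo_sqlite extension.
// The users table, its rows and both function names are hypothetical.

// Same keyword list as inject_check(), but returns a boolean instead of exiting.
function keyword_filter_rejects(string $input): bool {
    return preg_match('#select|insert|update|delete|\'|/\*|\.\./|\./|union|into|load_file|outfile#i', $input) === 1;
}

// Parameterized lookup: the value is bound as data and never parsed as SQL.
function find_user(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Constructed sample data: ordinary names that contain filtered substrings
// (a quote, "select", "into") plus one name that contains none.
$names = ["O'Brien", 'Selecta Ltd.', 'Winton', 'Alice'];
$insert = $db->prepare('INSERT INTO users (name) VALUES (:name)');
foreach ($names as $n) {
    $insert->execute([':name' => $n]);
}

// Compare the two approaches on every name.
foreach ($names as $n) {
    $verdict = keyword_filter_rejects($n) ? 'rejected' : 'accepted';
    $rows = find_user($db, $n);
    printf("%-14s keyword filter: %-8s prepared statement rows: %d\n", $n, $verdict, count($rows));
}
```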