This article illustrates a simple and practical PHP anti-injection class and shares it for your reference. The details are as follows:
A note on PHP anti-injection: the information to filter is basically the GET and POST input, and on the SQL side it is our common SELECT, INSERT and similar SQL commands. Below I give you two simple examples; I hope they can bring some security to your code.
The PHP anti-injection class code is as follows:
<?php
/**
 * Parameter processing class
 * @author Jasonwei
 */
class Params
{
    public $get = array();
    public $post = array();

    function __construct()
    {
        // Copy every GET parameter, casting numbers and escaping strings.
        if (!empty($_GET)) {
            foreach ($_GET as $key => $val) {
                if (is_numeric($val)) {
                    $this->get[$key] = $this->getInt($val);
                } else {
                    $this->get[$key] = $this->getStr($val);
                }
            }
        }
        // Same treatment for POST parameters.
        if (!empty($_POST)) {
            foreach ($_POST as $key => $val) {
                if (is_numeric($val)) {
                    $this->post[$key] = $this->getInt($val);
                } else {
                    $this->post[$key] = $this->getStr($val);
                }
            }
        }
    }

    // Cast a numeric parameter to an integer.
    public function getInt($number)
    {
        return intval($number);
    }

    // Escape quotes and backslashes in a string parameter unless magic quotes
    // already did so (get_magic_quotes_gpc() no longer exists in PHP 8, so it
    // is only called when available).
    public function getStr($string)
    {
        if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
            $string = addslashes($string);
        }
        return $string;
    }

    // True if the string contains one of the blacklisted SQL keywords or
    // comment/path tokens (case-insensitive). preg_match replaces the removed eregi().
    public function checkInject($string)
    {
        $pattern = '/select|insert|update|delete|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i';
        return preg_match($pattern, $string) === 1;
    }

    // Accept an id only if it is non-empty, contains no blacklisted token and is numeric;
    // returns the integer id, or false when rejected.
    public function verifyId($id = null)
    {
        if (!$id || $this->checkInject($id) || !is_numeric($id)) {
            $id = false;
        } else {
            $id = intval($id);
        }
        return $id;
    }
}
?>
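As an added example (not part of the original article or Jasonwei's class), the following script shows how an id gated by a numeric check like verifyId() is then handed to a prepared statement, so the database driver never sees the value as SQL text. The stand-in check omits checkInject() because a value that passes is_numeric() cannot contain any of the blacklisted tokens anyway. The users table, its rows and the request values are constructed for the demo; it needs the pdo_sqlite extension.

```php
<?php
// Added example: numeric allow-list check feeding a prepared statement.
// Everything below (table, rows, sample request values) is constructed.

// Reduced stand-in for Params::verifyId(): reject empty, "0" (because of !$id)
// and non-numeric values; otherwise return the integer id.
function verifyIdStandIn($id)
{
    if (!$id || !is_numeric($id)) {
        return false;
    }
    return intval($id);
}

// Look up a user by id. The id is bound as a parameter rather than
// concatenated into the query string.
function findUserById(PDO $db, $rawId)
{
    $id = verifyIdStandIn($rawId);
    if ($id === false) {
        return array('ok' => false, 'reason' => 'rejected by id check');
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return array('ok' => true, 'row' => $row === false ? null : $row);
}

// Constructed in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$insert = $db->prepare('INSERT INTO users (id, name) VALUES (:id, :name)');
foreach (array(7 => "O'Brien", 8 => 'Anderson') as $id => $name) {
    // The apostrophe in O'Brien needs no escaping because the value is bound.
    $insert->execute(array(':id' => $id, ':name' => $name));
}

// Constructed request values, as they might arrive in $_GET['id'].
$samples = array('7', '9', '0', '', '7abc', '7.5');
foreach ($samples as $raw) {
    $result = findUserById($db, $raw);
    printf("%-8s => %s\n", var_export($raw, true),
        $result['ok'] ? json_encode($result['row']) : $result['reason']);
}
```

Two edge cases are visible in the output: '0' is rejected by the `!$id` test even though it is numeric, and '7.5' passes is_numeric() and is silently truncated to 7 by intval(). Note also that the escaping done by getStr() (addslashes) is only meaningful when a value is pasted into a quoted SQL literal by string concatenation; with a bound parameter you pass the raw value, since binding an already-escaped string would store the backslashes.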
Example two, the code is as follows:
<?php
/*************************
Description:
Determines whether the passed variables, such as $_POST and $_GET,
contain illegal characters
Function:
Anti-injection
*************************/
// Illegal characters and words to filter
$ArrFiltrate = array("'", "or", "and", "union", "where");
// The URL to jump to after an error; if left empty, the previous page is used
$StrGoUrl = "";
// Whether any value in the array occurs in the string (case-insensitive substring test;
// replaces the removed eregi())
function funStringExist($StrFiltrate, $ArrFiltrate) {
    foreach ($ArrFiltrate as $key => $value) {
        if (stripos($StrFiltrate, $value) !== false) {
            return true;
        }
    }
    return false;
}
// Merge $_POST and $_GET ($HTTP_POST_VARS/$HTTP_GET_VARS no longer exist, so the
// superglobals are used)
if (function_exists('array_merge')) {
    $ArrPostAndGet = array_merge($_POST, $_GET);
} else {
    $ArrPostAndGet = array();
    foreach ($_POST as $key => $value) {
        $ArrPostAndGet[] = $value;
    }
    foreach ($_GET as $key => $value) {
        $ArrPostAndGet[] = $value;
    }
}
// Verification start
foreach ($ArrPostAndGet as $key => $value) {
    if (funStringExist($value, $ArrFiltrate)) {
        echo "<script language='JavaScript'>alert('The message must not contain illegal characters or words such as {\', or, and, union}; please replace them.');</script>";
        if (empty($StrGoUrl)) {
            echo "<script language='JavaScript'>history.go(-1);</script>";
        } else {
            echo "<script language='JavaScript'>window.location='" . $StrGoUrl . "';</script>";
        }
        exit;
    }
}
/*************** end of PHP injection prevention *****************/
?>
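As an added example (not from the original article), the script below runs the same substring test as funStringExist() over a few ordinary values and then shows the allow-list alternative, where each field declares the one format it accepts instead of searching for forbidden words. The field names, rules and sample values are constructed for the demonstration.

```php
<?php
// Added example: word-blacklist false positives versus per-field allow-list validation.
// Field names, rules and sample inputs are constructed.

$ArrFiltrate = array("'", "or", "and", "union", "where");

// Same test as funStringExist(): true if any blacklisted token occurs anywhere in the value.
function containsBlacklisted($value, array $blacklist)
{
    foreach ($blacklist as $token) {
        if (stripos($value, $token) !== false) {
            return true;
        }
    }
    return false;
}

// Allow-list: each field states the only shape it accepts; returns one message per failing field.
function validateFields(array $input, array $rules)
{
    $errors = array();
    foreach ($rules as $field => $rule) {
        $value = isset($input[$field]) ? $input[$field] : '';
        if (!is_string($value)) {          // reject nested arrays such as field[]=x
            $errors[$field] = 'must be a single value';
            continue;
        }
        switch ($rule) {
            case 'int':
                if (filter_var($value, FILTER_VALIDATE_INT) === false) {
                    $errors[$field] = 'must be an integer';
                }
                break;
            case 'email':
                if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
                    $errors[$field] = 'must be an e-mail address';
                }
                break;
            case 'name':
                // Letters, spaces, apostrophes and hyphens, 1 to 60 characters.
                if (!preg_match("/^[\p{L} '\-]{1,60}$/u", $value)) {
                    $errors[$field] = 'contains characters not allowed in a name';
                }
                break;
            default:
                $errors[$field] = 'no rule defined';
        }
    }
    return $errors;
}

// Constructed inputs: every one is a legitimate value a real user might submit,
// and every one is rejected by the word blacklist.
$legitimate = array(
    'city'    => 'Orlando',        // contains "or"
    'surname' => "O'Brien",        // contains "'"
    'street'  => 'Anderson Road',  // contains "and"
    'club'    => 'Union Hall',     // contains "union"
);
foreach ($legitimate as $field => $value) {
    printf("blacklist rejects %-9s %s\n", $field . ':',
        containsBlacklisted($value, $ArrFiltrate) ? 'yes' : 'no');
}

// The allow-list accepts the legitimate surname and reports exactly what is wrong otherwise.
$rules = array('id' => 'int', 'email' => 'email', 'surname' => 'name');
$good  = array('id' => '42',    'email' => 'ann@example.com', 'surname' => "O'Brien");
$bad   = array('id' => '42abc', 'email' => 'not-an-address',  'surname' => "O'Brien; x");
print_r(validateFields($good, $rules));   // empty array: every field matches its rule
print_r(validateFields($bad, $rules));    // one message per failing field
```

The blacklist in the second script matches substrings, so any form that accepts free text (names, addresses, city names) will reject real users; the allow-list does not need a list of dangerous words because it only ever admits the characters the field is defined to hold.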
I hope this article helps you with your PHP program design.