Home > Developer Tools > PHP Tutorials

sql universal anti-injection system

Source: Internet
Author: User
Keywords Network programming PHP tutorial
Tags anti- array based code delete echo function get
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

sql generic anti-injection system This article provides anti-sql injection code is a php tutorial sql double filter illegal characters function, he can be based on user-defensive SQL injection Oh, first filter some sql command, then the post get filtered once, the best validation.
* /
// anti-injection

$ arrfiltrate = array (update, delete, selert, drop, exec, cast, union, union);
// jump after the error url, do not fill the default previous page
$ strgourl = "";
// Whether there is an array value
function funstringexist ($ strfiltrate, $ arrfiltrate) {
foreach ($ arrfiltrate as $ key => $ value) {
if (eregi ($ value, $ strfiltrate)) {
return true;
}
}
return false;
}
// Combine $ _post and $ _get
if (function_exists (array_merge)) {
$ arrpostandget = array_merge ($ http_post_vars, $ http_get_vars);
} else {
foreach ($ http_post_vars as $ key => $ value) {
$ arrpostandget [] = $ value;
}
foreach ($ http_get_vars as $ key => $ value) {
$ arrpostandget [] = $ value;
}
}
// validation begins
foreach ($ arrpostandget as $ key => $ value) {
if (funstringexist ($ value, $ arrfiltrate)) {
echo "";
if (empty ($ strgourl)) {
echo "";
} else {
echo "";
}
echo "<script> alert ('system detected an illegal character!'); history.back (); </ script>";
exit ();
}
}
?>

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
anti sql injection php script universal sql client universal javascript anti sql universal forge universal linux universal time server
Related Article
php character matching code
php fgetcsv read csv file code
php regular get URL address code
PHP pdo transaction rollback code instance
PHP Science count parameters to convert to Integer program

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

Hot Article
Hot Tags
computing conference access forum computer class data get http html applications
Popular Keywords
direct digital landing development documentation data user director of marketing deploy it ddos how to description of products and services ddos information data website domain to dns

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More