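/**
 * Blacklist check for SQL-injection / path-traversal indicators in a raw string.
 *
 * Returns true when $SQL_str contains one of the listed SQL keywords, a single
 * quote, a comment opener ("/*") or a "../" / "./" sequence, matched
 * case-insensitively anywhere in the string (no word boundaries).
 *
 * WARNING: this is a keyword blacklist, not a defence. It is bypassed by
 * anything the list omits (alternative encodings, inline comments between
 * keywords, functions other than load_file/outfile) and it rejects legitimate
 * input, since "and"/"or" match inside ordinary words. The real protection is
 * parameterised queries (PDO / mysqli prepared statements); keep this only as
 * a coarse pre-filter or logging aid.
 *
 * The original used eregi(), which was deprecated in PHP 5.3 and removed in
 * PHP 7.0; preg_match() with the /i flag is the equivalent.
 *
 * @param string $SQL_str  untrusted input (query string, raw request body, ...)
 * @return bool            true when an indicator is present, false otherwise
 */
function inject_check($SQL_str)
{
    // Same alternatives as the original eregi() pattern, in PCRE syntax.
    $pattern = '/select|insert|and|or|update|delete|\'|\/\*|\.\.\/|\.\/|union|into|load_file|outfile/i';
    return preg_match($pattern, (string) $SQL_str) === 1;
}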
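// Reject the request when either the query string or the raw request body
// trips the blacklist.
// NOTE(review): as extracted the condition used a single "=" (assignment)
// instead of "==", and the parentheses were unbalanced; the intent is plainly
// "did inject_check() match".
// Both inputs are still URL-encoded at this point, so a quote sent as %27 or
// a keyword split by encoding is not seen by the blacklist - another reason
// this cannot replace prepared statements.
$query_string = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
$raw_body = file_get_contents('php://input');
if ($raw_body === false) {
    $raw_body = '';
}
if (inject_check($query_string) || inject_check($raw_body)) {
    // echo "Illegal access detected!";
    header('Location: Error.php');
    // A Location header alone does not stop execution: without exit the rest
    // of the page would still run (and still hit the database) for the
    // rejected request.
    exit;
}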
Example 2: strip magic-quotes escaping from $_GET and $_POST in one pass
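// Undo magic_quotes_gpc escaping on the request arrays so the rest of the
// application sees the raw values and escapes them itself (prepared
// statements, or mysqli_real_escape_string() as a fallback).
// Stripping unconditionally, as the original did, corrupts legitimate
// backslashes whenever magic quotes are off (always the case since PHP 5.4,
// where the feature was removed), so the call is guarded. function_exists()
// keeps the guard from fataling on PHP 8, which dropped get_magic_quotes_gpc().
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_GET  = stripslashes_array($_GET);
    $_POST = stripslashes_array($_POST);
}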
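/**
 * Recursively strip magic-quotes backslashes from every string value of a
 * request array ($_GET / $_POST), in place. The array is also returned so the
 * `$_GET = stripslashes_array($_GET);` call style keeps working.
 *
 * Changes from the original:
 *  - each() is deprecated since PHP 7.2 and removed in PHP 8.0; iterating the
 *    keys with foreach is the equivalent.
 *  - The original skipped the keys "argc"/"argv" and any key that is all
 *    uppercase and non-numeric (e.g. "ID"). That exemption makes sense for a
 *    $GLOBALS sanitiser, but for $_GET/$_POST every key is attacker-controlled
 *    and skipping some of them left those values escaped differently from the
 *    rest. All keys are now processed.
 * Values that are neither strings nor arrays (ints, null) are left untouched.
 *
 * @param array $array  request array, modified in place
 * @return array        the same array after stripping (or the input
 *                      unchanged when it is not an array)
 */
function stripslashes_array(&$array)
{
    if (!is_array($array)) {
        return $array;
    }
    foreach (array_keys($array) as $key) {
        if (is_string($array[$key])) {
            $array[$key] = stripslashes($array[$key]);
        } elseif (is_array($array[$key])) {
            // Recurse on the element itself so nested arrays are stripped in place.
            stripslashes_array($array[$key]);
        }
    }
    return $array;
}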
Example 3: a blacklist filter that strips HTML tags and SQL keywords from a string (filtering like this is not a substitute for prepared statements; see the review notes in the code).
// NOTE(review): despite the original comment ("Prevents SQL injection"), this
// is NOT an SQL-injection defence. It is a character/keyword blacklist applied
// to the value before use; real protection is parameterised queries (PDO /
// mysqli prepared statements), with htmlspecialchars() at output time for XSS.
// Much of this function also arrived damaged by extraction: several
// str_replace() calls below have identical search and replacement strings and
// are therefore no-ops as written - the intended replacements are unknown.
/**
 * Strips a fixed list of characters and SQL/HTML keywords from $str.
 *
 * @param string $str  untrusted input
 * @return string|false  filtered string, or false when $str is empty
 */
function lib_replace_end_tag($str)
{
    // empty() is also true for the string "0", so a legitimate "0" comes back
    // as false rather than as a string. (The closing parenthesis was missing
    // in the extracted text.)
    if (empty($str)) return false;
    // Entity-encodes < > & and " (not ', since ENT_QUOTES is not passed), so
    // every removal below operates on already-encoded text.
    $str = htmlspecialchars($str);
    // Dropping every slash and backslash also breaks URLs, paths and dates.
    // NOTE(review): the backslash literal was extracted as "\" (unparseable);
    // "\\" is the only reading that parses.
    $str = str_replace('/', "", $str);
    $str = str_replace("\\", "", $str);
    // After htmlspecialchars() there are no raw < or > left, so these two
    // calls only matter if the input contained none to begin with.
    $str = str_replace(">", "", $str);
    $str = str_replace("<", "", $str);
    // Removing the substring "script" (two spellings; mixed case such as
    // "ScRiPt" is not covered) also damages unrelated words, e.g.
    // "description" -> "deion". str_ireplace() would at least catch all casings.
    $str = str_replace("SCRIPT", "", $str);
    $str = str_replace("SCRIPT", "", $str);
    $str = str_replace("script", "", $str);
    $str = str_replace("script", "", $str);
    // NOTE(review): search == replacement for each of the following keyword
    // calls, so as written they change nothing. The source presumably
    // substituted look-alike characters; that text was lost in extraction.
    $str = str_replace("select", "select", $str);
    $str = str_replace("join", "join", $str);
    $str = str_replace("union", "union", $str);
    $str = str_replace("where", "where", $str);
    $str = str_replace("insert", "insert", $str);
    $str = str_replace("delete", "delete", $str);
    $str = str_replace("update", "update", $str);
    $str = str_replace("like", "like", $str);
    $str = str_replace("drop", "drop", $str);
    $str = str_replace("create", "create", $str);
    $str = str_replace("modify", "modify", $str);
    $str = str_replace("rename", "rename", $str);
    $str = str_replace("alter", "alter", $str);
    // NOTE(review): "cas" -> "cast" rewrites any word containing "cas"
    // ("cascade" -> "castcade") and inserts the very keyword the list
    // supposedly removes; almost certainly extraction damage.
    $str = str_replace("cas", "cast", $str);
    // Identical search/replacement again - no-ops as written. The original
    // most likely decoded entities such as &amp; &gt; &lt; back to characters,
    // which would also undo the htmlspecialchars() call above.
    $str = str_replace("&", "&", $str);
    $str = str_replace(">", ">", $str);
    $str = str_replace("<", "<", $str);
    // str_replace() with an empty search string returns the subject unchanged,
    // so these three calls do nothing; the search strings (probably
    // whitespace entities) were lost in extraction.
    $str = str_replace("", chr(32), $str);
    $str = str_replace("", chr(9), $str);
    $str = str_replace("", chr(9), $str);
    // NOTE(review): as extracted this turns every "&" into a double quote
    // (chr(34)); the original search string was presumably &quot; or similar.
    $str = str_replace("&", chr(34), $str);
    // chr(39) is "'" - another no-op as written.
    $str = str_replace("'", chr(39), $str);
    // Replaces a literal newline (the string spans two source lines) with a
    // carriage return, chr(13).
    $str = str_replace("
", chr(13), $str);
    // Collapses a doubled apostrophe - i.e. undoes SQL-style quote doubling,
    // the opposite of what an injection filter should do.
    $str = str_replace("''", "'", $str);
    // NOTE(review): turning "css"/"CSS" into an apostrophe cannot be the
    // intended behaviour; treat these two lines as extraction damage.
    $str = str_replace("css", "'", $str);
    $str = str_replace("CSS", "'", $str);
    return $str;
}