The input value form submits parameter filtering to effectively prevent SQL injection or illegal attacks. The following describes some good methods, if you are interested, do not miss the input value/form submission parameter filtering to effectively prevent SQL injection or illegal attacks. The following describes some good methods. if you are interested, do not miss them.
Input value/form submission parameter filtering to prevent SQL injection or illegal attacks:
The code is as follows:
/*** Filter the keyword for SQL and PHP file operations * @ param string $ string * @ return string * @ author zyb
*/Private function filter_keyword ($ string) {$ keyword = 'SELECT | insert | update | delete | \ '| \/\ * | \. \. \/| \. \/| union | into | load_file | outfile '; $ arr = explode (' | ', $ keyword); $ result = str_ireplace ($ arr, '', $ string ); return $ result;}/*** check whether the entered number is valid and the corresponding id is returned. otherwise, false * @ param integer $ id * @ return mixed * @ author zyb is returned.
*/Protected function check_id ($ id) {$ result = false; if ($ id! = ''&&! Is_null ($ id) {$ var = $ this-> filter_keyword ($ id); // filter the keyword if ($ var! = ''&&! Is_null ($ var) & is_numeric ($ var) {$ result = intval ($ var) ;}} return $ result ;} /*** check whether the entered characters are valid and return the corresponding id; otherwise, false * @ param string $ string * @ return mixed * @ author zyb is returned.
*/Protected function check_str ($ string) {$ result = false; $ var = $ this-> filter_keyword ($ string); // filter keywords for SQL and PHP file operations if (! Empty ($ var) {if (! Get_magic_quotes_gpc () {// judge whether magic_quotes_gpc is enabled $ var = addslashes ($ string ); // filter submitted data when magic_quotes_gpc is not enabled} // $ var = str_replace ("_", "\ _", $ var ); // filter '_' out $ var = str_replace ("%", "\ %", $ var ); // filter '%' out $ var = nl2br ($ var); // press enter to convert $ var = htmlspecialchars ($ var ); // html tag conversion $ result = $ var;} return $ result ;}
The above section details the content of the php input value/form submission parameter filtering method instances that effectively prevent SQL injection. For more information, see PHP Chinese website (www.php1.cn )!