SQL-injection filter functions used by many open-source systems

Source: Internet
Author: User

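// get_magic_quotes_gpc() has returned false since PHP 5.4 and was removed in
// PHP 8.0; guard the call so this file still loads on current runtimes.
$magic_quotes_gpc = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

// Request data is escaped once and then imported into the global scope
// (register_globals style). Later sources win as before: GET over POST over COOKIE.
// EXTR_SKIP keeps request keys from overwriting variables that already exist here -
// without it a cookie or parameter named "magic_quotes_gpc" would replace the flag
// daddslashes() reads, and the remaining request data would go unescaped.
extract(daddslashes(array_merge($_COOKIE, $_POST, $_GET)), EXTR_SKIP);
if (!$magic_quotes_gpc) {
    $_FILES = daddslashes($_FILES);
}

/**
 * Recursively addslashes() a value unless magic_quotes_gpc already did it.
 *
 * NOTE(review): addslashes() is not a SQL escaping function; bound parameters
 * (PDO/mysqli prepared statements) make this step unnecessary.
 *
 * @param mixed $string scalar or (nested) array to escape
 * @param int   $force  non-zero: escape even when $magic_quotes_gpc is set
 * @return mixed the escaped value, same shape as the input
 */
function daddslashes($string, $force = 0)
{
    // empty() avoids an "undefined key" warning when the flag was never set,
    // and `||` (not bitwise `|`) is the intended boolean combination.
    if (empty($GLOBALS['magic_quotes_gpc']) || $force) {
        if (is_array($string)) {
            foreach ($string as $key => $val) {
                $string[$key] = daddslashes($val, $force);
            }
        } else {
            $string = addslashes((string) $string);
        }
    }
    return $string;
}

// (Original article text) The following functions can be used to harden a
// server; protecting PHP against SQL injection is very important!

/**
 * Blacklist check for SQL-looking substrings in a submitted value.
 *
 * NOTE(review): this is a heuristic, not a defence. The word list also matches
 * inside ordinary words ("order", "sand", "into"), so legitimate input is
 * rejected, and anything not on the list passes. Use prepared statements with
 * bound parameters for the actual query; keep this at most as an extra signal.
 *
 * @param string $sql_str the submitted value
 * @return bool true when a listed token is present (case-insensitive)
 */
function inject_check($sql_str)
{
    // eregi() was removed in PHP 7; preg_match() with /i is the equivalent.
    return preg_match(
        '/select|insert|and|or|update|delete|\'|\/\*|\.\.\/|\.\/|union|into|load_file|outfile/i',
        (string) $sql_str
    ) === 1;
}

/**
 * Validate a submitted numeric ID and return it as an int.
 *
 * Terminates the request (exit) on a missing or non-numeric value, as the
 * original did; callers cannot catch this.
 *
 * @param mixed $id the submitted value; null, "" and "0" count as missing
 * @return int
 */
function verify_id($id = null)
{
    if (!$id) {
        exit('no submission parameter!');
    }
    if (inject_check($id)) {
        exit('the submitted parameter is invalid!');
    }
    // is_numeric() also accepts float/exponent forms, which intval() then
    // truncates; FILTER_VALIDATE_INT would be stricter for plain-integer IDs.
    if (!is_numeric($id)) {
        exit('the submitted parameter is invalid!');
    }
    return intval($id);
}

/**
 * Escape a string for interpolation into a SQL LIKE pattern.
 *
 * Adds quote escaping (when magic_quotes_gpc did not) and backslash-escapes
 * the LIKE wildcards "_" and "%". NOTE(review): applied to values that are
 * not used in LIKE, this stores a literal "\_" / "\%" in the database.
 *
 * @param string $str
 * @return string
 */
function str_check($str)
{
    if (!(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())) {
        $str = addslashes($str);
    }
    // Single-quoted '\_' and '\%' are a literal backslash plus the character.
    return str_replace(['_', '%'], ['\_', '\%'], $str);
}

/**
 * Prepare submitted free-text content for storage and HTML display.
 *
 * NOTE(review): this mixes storage escaping (addslashes, LIKE wildcards) with
 * output escaping (htmlspecialchars) in one step; with bound parameters only
 * the output escaping belongs here, and it should happen at render time.
 *
 * @param string $post
 * @return string
 */
function post_check($post)
{
    if (!(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())) {
        $post = addslashes($post);
    }
    $post = str_replace(['_', '%'], ['\_', '\%'], $post);
    // Escape first, then insert <br />: in the original order htmlspecialchars()
    // turned the <br /> tags nl2br() had just added into literal text.
    // ENT_QUOTES also escapes single quotes, which matters in attribute context.
    $post = htmlspecialchars($post, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return nl2br($post);
}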
