SQL universal anti-injection system
This article provides this anti-SQL injection code, which is a php Tutorial SQL double filter function for illegal characters. it can prevent SQL injection based on user-defined settings. First, it filters some SQL commands, the second is to filter the post get once. it is best to verify it.
*/
// Anti-injection
$ Arrfiltrate = array ("update", "delete", "selert", "drop", "exec", "cast", "'", "union ");
// The url to be redirected after an error occurs. If this parameter is left blank, the previous page is displayed by default.
$ Strgourl = "";
// Whether the value in the array exists
Function funstringexist ($ strfiltrate, $ arrfiltrate ){
Foreach ($ arrfiltrate as $ key => $ value ){
If (eregi ($ value, $ strfiltrate )){
Return true;
}
}
Return false;
}
// Merge $ _ post and $ _ get
If (function_exists (array_merge )){
$ Arrpostandget = array_merge ($ http_post_vars, $ http_get_vars );
} Else {
Foreach ($ http_post_vars as $ key => $ value ){
$ Arrpostandget [] = $ value;
}
Foreach ($ http_get_vars as $ key => $ value ){
$ Arrpostandget [] = $ value;
}
}
// Verification starts
Foreach ($ arrpostandget as $ key => $ value ){
If (funstringexist ($ value, $ arrfiltrate )){
Echo "";
If (empty ($ strgourl )){
Echo "";
} Else {
Echo "";
}
Echo "script" alert ('The system has detected illegal characters! '); History. back (); script ";
Exit ();
}
}
?>
SQL double filter function for illegal characters, which can prevent SQL injection based on user-defined, first filter some sq...
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
