Anti-SQL injection attacks

Source: Internet
Author: User
Tags: sql injection

Over the past two days I have been looking at anti-SQL-injection measures, and I think a summary is in order:

The first step is some PHP security configuration:

1 Set display_errors to Off in php.ini

display_errors = Off

or add this at the top of the PHP file:

error_reporting(0);

This does not stop injection by itself; it keeps database error messages away from the attacker, which is what error-based injection depends on. Keep log_errors = On so the messages still reach the server log.

2 Turn off some "bad features"

1) Turn off magic quotes

Put magic_quotes_gpc = Off in php.ini.

This avoids double escaping when addslashes() and similar functions are applied to input that magic quotes has already escaped.

2) Turn off register_globals

Put register_globals = Off in php.ini.

With register_globals = On, every request parameter (GET, POST, cookie) is registered as a PHP global variable of the same name, so an attacker can preset any variable the script fails to initialise.

Both directives were removed in PHP 5.4; on current PHP they are always off, and the checks below only matter for legacy installations.

3 Using filter functions

addslashes() puts a backslash in front of the characters ' " \ and NUL, giving \' \" \\ and \0; stripslashes() does the opposite. Note that when php.ini has magic_quotes_gpc = On the input has already been escaped, and calling addslashes() on it escapes it a second time. So check get_magic_quotes_gpc() first:

if (!get_magic_quotes_gpc()) {
    $abc = addslashes($abc);
}

For values that go into a MySQL query, use the escaping function that knows the connection's character set. mysql_real_escape_string() exists from PHP 4.3 onwards and needs an open mysql connection; before 4.3 only mysql_escape_string() is available (both belong to the old mysql extension, which was removed in PHP 7):

if (version_compare(PHP_VERSION, '4.3.0', '>=')) {
    $string = mysql_real_escape_string($string);
} else {
    $string = mysql_escape_string($string);
}

4 Filtering non-text parameters

The function below strips characters and SQL keywords that never belong in a non-text (for example numeric) parameter. Two limits to keep in mind: str_replace() is case-sensitive, so "SELECT" passes while "Select" is removed, and it makes a single pass, so a keyword split around itself ("oorr") is reassembled by the removal. Treat it as a last line of defence after casting numeric parameters with (int) or intval(), not as the primary one.

function _str_replace($str)
{
    $str = str_replace(" ", "", $str);
    $str = str_replace("\n", "", $str);
    $str = str_replace("\r", "", $str);
    $str = str_replace("'", "", $str);
    $str = str_replace('"', "", $str);
    $str = str_replace("or", "", $str);
    $str = str_replace("and", "", $str);
    $str = str_replace("#", "", $str);
    $str = str_replace("\\", "", $str);
    $str = str_replace("-- ", "", $str);
    $str = str_replace("null", "", $str);
    $str = str_replace("%", "", $str);
    //$str = str_replace("_", "", $str);
    $str = str_replace(">", "", $str);
    $str = str_replace("<", "", $str);
    $str = str_replace("=", "", $str);
    $str = str_replace("Char", "", $str);
    $str = str_replace("Declare", "", $str);
    $str = str_replace("Select", "", $str);
    $str = str_replace("Create", "", $str);
    $str = str_replace("delete", "", $str);
    $str = str_replace("Insert", "", $str);
    $str = str_replace("Execute", "", $str);
    $str = str_replace("Update", "", $str);
    $str = str_replace("Count", "", $str);
    return $str;
}
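Steps 3 and 4 above put together, as an added example that is not code from the original post: it assumes PHP with the pdo_sqlite extension, and the users table, its columns and the hostile inputs are constructed for illustration. It goes beyond the post in two ways: the non-text parameter is validated by type instead of by keyword stripping, and the prepared-statement form is shown because it removes the need for manual escaping altogether.

```php
<?php
// Added example, not code from the original post: hardened forms of step 3
// (string escaping) and step 4 (non-text parameters), plus the prepared
// statement that makes both unnecessary. The users table, its columns and
// the hostile inputs are constructed for illustration; pdo_sqlite is assumed.

// Step 3: escape a string parameter exactly once. If magic_quotes_gpc is On
// (PHP < 5.4) the input already carries backslashes, so strip them before
// escaping instead of escaping twice. PDO::quote() is driver-aware and plays
// the role mysql_real_escape_string() played for the old mysql extension.
function escape_string_param(PDO $pdo, $value)
{
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return $pdo->quote((string) $value);   // returns the literal including its quotes
}

// Step 4: a non-text parameter is validated by type, not by keyword
// stripping. Anything that is not a plain integer falls back to $default.
function int_param($value, $default = 0)
{
    if (!is_scalar($value) || !preg_match('/^-?[0-9]+\z/', trim((string) $value))) {
        return $default;
    }
    return (int) $value;
}

// Why a str_replace() blacklist is not a defence: it makes one pass, so
// removing a word from a string that was split around it recreates the word.
function keyword_blacklist($str)
{
    return str_replace(array('or', 'and', 'select'), '', $str);
}

// Preferred for both steps: a prepared statement. The values are sent
// separately from the SQL text, so they can never change its structure.
function find_user(PDO $pdo, $name, $id)
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name AND id = :id');
    $stmt->bindValue(':name', (string) $name, PDO::PARAM_STR);
    $stmt->bindValue(':id', int_param($id), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Runs offline against an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Constructed hostile inputs: a quote-breaking tautology and a numeric one.
$badName = "alice' OR '1'='1";
$badId   = '1 OR 1=1';

// Escaped literal: the quote is doubled, so the tautology stays inside the string.
$literal = escape_string_param($pdo, $badName);
$rows = $pdo->query("SELECT id FROM users WHERE name = $literal")->fetchAll();
echo 'escaped lookup rows: ', count($rows), "\n";

// Type check: the numeric tautology is rejected outright.
echo 'int_param on hostile id: ', var_export(int_param($badId), true), "\n";

// Blacklist: the split keyword survives one pass of str_replace().
echo 'blacklist on "oorr": ', keyword_blacklist('oorr'), "\n";

// Prepared statement: both hostile inputs are harmless, and the normal lookup works.
echo 'prepared hostile rows: ', count(find_user($pdo, $badName, $badId)), "\n";
echo 'prepared normal rows: ', count(find_user($pdo, 'alice', '1')), "\n";
```

Run it with php on the command line. The escaped lookup and the prepared statement with hostile input both return no rows, int_param() returns the default for the numeric tautology, and the blacklist turns "oorr" back into "or", which is the reason the type check and the prepared statement, not the keyword list, carry the security argument.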



The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.
