Anti-SQL injection attacks

These two days to see a anti-SQL injection, I think it is necessary to summarize:

The first step is to do some PHP security configuration:

1 change display_errors to off in php.ini

Display_errors = OFF

Or in the PHP file before adding

error_reporting (0)

2 Turn off some "bad features"

1) Turn off the Magic quotes function
Put MAGIC_QUOTES_GPC = off in php.ini
Avoid repeated escapes with addslashes, etc.

2) off register_globals = Off

Put register_globals = off in php.ini

In the case of register_globals = On

3 Using Filter functions

Addslashes to these "'", "" "," \ "," NULL "to add the oblique bar" \ "", "\" "," \ \ "," \null ", Stripslashes is the opposite, it is important to note that the php.ini is open magic_quotes_gpc= On, open if using addslashes will repeat. So the use of the time to first GET_MAGIC_QUOTES_GPC () check

if (! GET_MAGIC_QUOTES_GPC ())  {           $abcaddslashes($abc);  }

if (php_version >= ' 4.3 '$string  =  mysql_real_escape_string($ String); }Else$string  =  mysql_escape_string($string  ); }

4 filtering of non-text parameters

function_str_replace ($str )  {       $str=Str_replace(" ","",$str); $str=Str_replace("\ n", "",$str); $str=Str_replace("\ R", "",$str); $str=Str_replace("‘","",$str); $str=Str_replace(‘"‘,"",$str); $str=Str_replace("or", "",$str); $str=Str_replace("and", "",$str); $str=Str_replace("#","",$str); $str=Str_replace("\\","",$str); $str=Str_replace("-- ","",$str); $str=Str_replace("null", "",$str); $str=Str_replace("%","",$str); //$str = Str_replace ("_", "", $str);      $str=Str_replace(">", "",$str); $str=Str_replace("<", "",$str); $str=Str_replace("=","",$str); $str=Str_replace("Char", "",$str); $str=Str_replace("Declare", "",$str); $str=Str_replace("Select", "",$str); $str=Str_replace("Create", "",$str); $str=Str_replace("delete", "",$str); $str=Str_replace("Insert", "",$str); $str=Str_replace("Execute", "",$str); $str=Str_replace("Update", "",$str); $str=Str_replace("Count", "",$str); return $str; }

Anti-SQL injection attacks