SQL injection prevention code 1:
<?php
/**
* SQL Injection prevention
* @ Author: zhuyubing@gmail.com
**/
/**
* Reject SQL inject
*/
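if (!function_exists('quote'))
{
    /**
     * Escape a value and wrap it in single quotes for use as a SQL string literal.
     *
     * Both the backslash and the single quote are escaped. Escaping only the
     * quote is not enough: a backslash already present in the input would
     * neutralise the backslash added in front of the quote, so the literal
     * would end early.
     *
     * NOTE(review): hand-written escaping depends on the connection character
     * set and on the server accepting backslash escapes (MySQL's
     * NO_BACKSLASH_ESCAPES mode disables them). Prefer prepared statements
     * with bound parameters (PDO or mysqli) wherever the query is executed;
     * treat this helper as a legacy fallback for quoted string contexts only.
     *
     * @param mixed $var Value to quote; it is cast to string.
     * @return string The escaped value surrounded by single quotes.
     */
    function quote($var)
    {
        $var = (string) $var;
        if (strlen($var))
        {
            // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc()
            // itself in PHP 8.0, so the function is only consulted on runtimes
            // where it can still return true.
            if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc())
            {
                $var = stripslashes($var);
            }
            // strtr() with an array makes a single pass, so the backslashes it
            // inserts are never escaped a second time.
            $var = strtr($var, array('\\' => '\\\\', "'" => "\\'"));
        }
        return "'$var'";
    }
}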
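if (!function_exists('hash_num')) {
    /**
     * Compute a numeric hash of a string: start at 5381, then for every byte
     * set hash = hash * 33 + byte (written as a shift and an add).
     *
     * The loop reads the $input parameter, and bytes are read with [] because
     * the {} string-offset syntax is no longer accepted by PHP 8.
     *
     * NOTE(review): the running value is reduced to 32 bits on every step so
     * it stays an integer instead of overflowing into a float on long inputs;
     * this assumes a 64-bit PHP build. Confirm no caller depends on wider values.
     *
     * NOTE(review): this is not a cryptographic hash. It must not be used for
     * passwords, tokens, signatures or any integrity check.
     *
     * @param mixed $input Value to hash; it is cast to string.
     * @return int Hash value in the range 0..0xFFFFFFFF.
     */
    function hash_num($input)
    {
        $input = (string) $input;
        $hash = 5381;
        $length = strlen($input);
        for ($i = 0; $i < $length; $i++)
        {
            $c = ord($input[$i]);
            $hash = ((($hash << 5) + $hash) + $c) & 0xFFFFFFFF;
        }
        return $hash;
    }
}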
/**************** End ********************** ***/
?>
<?php
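/**
 * Anti-SQL-injection test code: builds an INSERT statement from request data
 * with quote() and dumps the resulting SQL text instead of executing it.
 *
 * Table used by the test:
 *
 * CREATE TABLE IF NOT EXISTS `tb` (
 *   `id` int(10) unsigned NOT NULL auto_increment,
 *   `age` tinyint(3) unsigned NOT NULL,
 *   `name` char(100) NOT NULL,
 *   `note` text NOT NULL,
 *   PRIMARY KEY (`id`)
 * ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 */
// quote() and hash_num() are expected to come from this include.
include_once('common.php');
var_dump(hash_num('ddddd'));

// Without request data, fall back to sample values. They contain quotes, a
// backslash followed by a quote, and a newline: the inputs an escaping helper
// has to survive.
if (empty($_GET))
{
    $_GET = array('age' => '99', 'name' => 'a\'b\'c";', 'note' => "a'b\'\nc#");
}

// Read each field defensively: a missing key or an array-valued parameter
// (name[]=...) must not reach quote() as anything other than a string.
$rawAge = isset($_GET['age']) && is_scalar($_GET['age']) ? $_GET['age'] : 0;
$rawName = isset($_GET['name']) && is_string($_GET['name']) ? $_GET['name'] : '';
$rawNote = isset($_GET['note']) && is_string($_GET['note']) ? $_GET['note'] : '';

// Numeric column: cast instead of quoting, so nothing but an integer is interpolated.
$age = (int) $rawAge;
$name = quote($rawName);
$note = quote($rawNote);

// Identifiers use backticks; single quotes would turn them into string literals.
// NOTE(review): this string is only dumped for inspection. Code that actually
// runs the query should bind $age/$name/$note through a prepared statement
// rather than interpolating them.
$sql = "insert into `tb` (`age`, `name`, `note`) values
($age, $name, $note)";
var_dump($sql);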
?>
PHP prevents SQL Injection Function Code 2:
<?php
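// magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() in PHP 8.0;
// the short-circuit keeps the call away from runtimes where it no longer exists.
$magic_quotes_gpc = PHP_VERSION_ID < 50400 && get_magic_quotes_gpc();

// Import request data into the current symbol table, escaped by daddslashes().
//
// EXTR_SKIP: with extract()'s default (overwrite), a request parameter named
// like an existing variable replaces it, including $magic_quotes_gpc, the very
// flag daddslashes() consults to decide whether to escape. With EXTR_SKIP an
// existing variable is never replaced. The sources are imported in the order
// GET, POST, COOKIE so that GET still takes precedence over POST, and POST
// over COOKIE, as it did when later imports overwrote earlier ones.
//
// NOTE(review): this is still the register_globals pattern. Any variable that
// is not initialised before this point can be set by the client. Prefer
// reading $_GET / $_POST / $_COOKIE explicitly and validating each field.
extract(daddslashes($_GET), EXTR_SKIP);
extract(daddslashes($_POST), EXTR_SKIP);
extract(daddslashes($_COOKIE), EXTR_SKIP);

if (!$magic_quotes_gpc) {
    $_FILES = daddslashes($_FILES);
}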
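/**
 * Recursively apply addslashes() to a string or to every string in an array.
 *
 * Escaping is performed when the global $magic_quotes_gpc flag is unset or
 * falsy, or when $force is truthy. Array keys are left as they are; only
 * values are escaped. Non-string scalars (for example the integer "error" and
 * "size" entries of $_FILES) are returned unchanged instead of being turned
 * into strings.
 *
 * NOTE(review): addslashes() is not aware of the database connection's
 * character set and is not a substitute for prepared statements. Values
 * escaped here should still be bound as parameters where the query is built.
 *
 * @param mixed $string String, or (nested) array of strings, to escape.
 * @param mixed $force  Truthy to escape even when magic quotes are reported as on.
 * @return mixed The input with its string values escaped.
 */
function daddslashes($string, $force = 0) {
    // empty() also covers the flag never having been set, without a warning.
    if (empty($GLOBALS['magic_quotes_gpc']) || $force) {
        if (is_array($string)) {
            foreach ($string as $key => $val) {
                $string[$key] = daddslashes($val, $force);
            }
        } elseif (is_string($string)) {
            $string = addslashes($string);
        }
    }
    return $string;
}
?>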
PHP prevents SQL Injection code 3
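/**
 * Reject input that contains one of a fixed list of SQL keywords or path
 * fragments; otherwise return the input unchanged.
 *
 * On a match the function prints a message and terminates the script.
 * eregi() no longer exists in PHP 7 and later, so the check uses preg_match()
 * with the case-insensitive flag. A preg_match() failure (false) is treated as
 * a rejection, so the check fails closed.
 *
 * NOTE(review): a keyword deny-list is not a reliable defence against SQL
 * injection, and it also rejects legitimate text containing these substrings
 * (matching is by substring, not whole word). Keep it, at most, as an extra
 * input filter; the query itself should use prepared statements with bound
 * parameters.
 *
 * @param mixed $sql_str Input to check; it is cast to string for matching.
 * @return mixed The input, unchanged, when nothing matched.
 */
function inject_check($sql_str) { // prevents injection
    $pattern = '~select|insert|update|delete|\'|/\*|\.\./|\./|union|into|load_file|outfile~i';
    $check = preg_match($pattern, (string) $sql_str);
    if ($check !== 0) {
        echo "the input is invalid!";
        exit();
    } else {
        return $sql_str;
    }
}

/**
 * Redirect and stop when the Referer host differs from the request's Host.
 *
 * The host is taken from the Referer URL (scheme and path stripped) and from
 * HTTP_HOST (port stripped). A missing header is treated as an empty string,
 * so a request without a Referer is redirected as well.
 *
 * NOTE(review): the Referer header is supplied by the client and is often
 * absent. This check is not an authentication or CSRF control on its own.
 */
function checkurl() { // check the path
    $referer = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
    $host = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';

    $refererHost = preg_replace('/https?:\/\/([^\:\/]+).*/i', "\\1", $referer);
    $requestHost = preg_replace('/([^\:]+).*/', "\\1", $host);

    if ($refererHost !== $requestHost) {
        header("Location: http://s.jb51.net");
        exit();
    }
}
// call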
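checkurl();
// Accept only a string parameter; a missing or array-valued "url" becomes ''.
$str = isset($_GET['url']) && is_string($_GET['url']) ? $_GET['url'] : '';
// Check the value that was just read and keep the returned, checked value.
$str = inject_check($str); // you can perform this operation when obtaining the parameter.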