There are not many filters here; they are mainly for the PHP + MySQL combination. For general anti-injection the common approach is to run all submitted input through PHP's addslashes() function. Two caveats before copying this: addslashes() only escapes single quotes, double quotes, backslashes and NUL, so it does nothing for a value that is used without quotes (WHERE id = $id), and it is not aware of the connection character set, so with multibyte charsets such as GBK it can be bypassed. Treat it as a stop-gap; prepared statements with bound parameters (PDO or mysqli) are the real fix.
Here is a copy of the code:
PHP Code:
```php
<?php
// Escape all GET/POST input. Note: PHP superglobals are case-sensitive,
// so they must be written $_POST and $_GET (the original had $_post/$_get).
$_POST = sql_injection($_POST);
$_GET  = sql_injection($_GET);

function sql_injection($content)
{
    // get_magic_quotes_gpc() always returns false since PHP 5.4 and no longer
    // exists in PHP 8, so guard the call; when magic quotes are off, escape here.
    if (!(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())) {
        if (is_array($content)) {
            foreach ($content as $key => $value) {
                // recurse so nested arrays (e.g. field[]) are escaped too
                $content[$key] = sql_injection($value);
            }
        } else {
            // the original discarded the return value of addslashes(), which is a no-op
            $content = addslashes($content);
        }
    }
    return $content;
}
```
To build this into a whole system, you can use the following code, which is also a straight copy:
PHP Code:
```php
<?php
// Keyword blacklist. eregi() was removed in PHP 7; preg_match() with the /i
// flag is the case-insensitive replacement.
function inject_check($sql_str)
{
    return preg_match('/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i', $sql_str); // filter
}

function verify_id($id = null)
{
    if (!$id) {
        exit('No argument was submitted!');            // empty check
    } elseif (inject_check($id)) {
        exit('The submitted argument is illegal!');    // injection check
    } elseif (!is_numeric($id)) {
        exit('The submitted argument is illegal!');    // numeric check
    }
    $id = intval($id);                                 // cast to integer
    return $id;
}

function str_check($str)
{
    // PHP variable names are case-sensitive: the original took $STR but
    // returned $str, which was undefined when magic quotes were on.
    if (!(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())) { // is magic_quotes_gpc on?
        $str = addslashes($str);                       // escape quotes
    }
    $str = str_replace('_', '\_', $str);               // escape the LIKE wildcard '_'
    $str = str_replace('%', '\%', $str);               // escape the LIKE wildcard '%'
    return $str;
}

function post_check($post)
{
    if (!(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())) { // is magic_quotes_gpc on?
        $post = addslashes($post);                     // escape submitted data when magic_quotes_gpc is off
    }
    $post = str_replace('_', '\_', $post);             // escape the LIKE wildcard '_'
    $post = str_replace('%', '\%', $post);             // escape the LIKE wildcard '%'
    // HTML-encode first, then insert <br />; the original did it the other way
    // round, which turned the inserted <br /> tags into literal text.
    $post = htmlspecialchars($post);                   // convert HTML markup
    $post = nl2br($post);                              // convert newlines to <br />
    return $post;
}
```
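Both snippets above (the addslashes() wrapper and the blacklist plus verify_id()/str_check() helpers) share the same weakness: they try to make a string safe to concatenate into SQL instead of keeping data out of the SQL text. The following is an added example, not code from the original post, that shows where that breaks and the prepared-statement form that replaces it. It assumes PHP 7.4 or newer with the pdo_sqlite extension so it runs offline; the users table, its three rows and the payload strings are constructed here for illustration, and the function names are my own.

```php
<?php
// Added example (not from the original post): addslashes() and the keyword
// blacklist versus prepared statements. Assumes pdo_sqlite is available.
declare(strict_types=1);

// The post's blacklist, ported from eregi() (removed in PHP 7) to preg_match().
function inject_check(string $s): bool
{
    $pattern = '/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i';
    return preg_match($pattern, $s) === 1;
}

// 1. Vulnerable: addslashes() only escapes quotes; a numeric context has none,
//    so "1 OR 1=1" passes through unchanged and rewrites the WHERE clause.
function find_by_id_vulnerable(PDO $pdo, string $id): array
{
    $id  = addslashes($id);
    $sql = "SELECT id, name FROM users WHERE id = $id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 2. Hardened: validate the id as digits only (stricter than is_numeric(),
//    which also accepts "1e3" and " 1"), then bind it as a parameter.
function find_by_id_safe(PDO $pdo, string $id): array
{
    if (!ctype_digit($id)) {
        throw new InvalidArgumentException('id must be an unsigned integer');
    }
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->execute([':id' => (int) $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// 3. Hardened string search: quotes are handled by the bound parameter, so no
//    addslashes(); the LIKE wildcards "%" and "_" (what the post's str_replace
//    lines target) still need escaping, with an explicit ESCAPE character.
function search_by_name_safe(PDO $pdo, string $fragment): array
{
    $escaped = str_replace(['\\', '%', '_'], ['\\\\', '\%', '\_'], $fragment);
    $stmt = $pdo->prepare("SELECT id, name FROM users WHERE name LIKE :pat ESCAPE '\\'");
    $stmt->execute([':pat' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data: an in-memory SQLite database with three users.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'O''Neil')");

$payload = '1 OR 1=1';
var_dump(inject_check($payload));                        // no blacklisted token, so the payload is "clean"
var_dump(inject_check("O'Neil"));                        // a legitimate name is rejected because of the quote
echo count(find_by_id_vulnerable($pdo, $payload)), "\n"; // the injected OR makes the WHERE true for every row
echo count(find_by_id_safe($pdo, '2')), "\n";            // only the requested row
try {
    find_by_id_safe($pdo, $payload);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";                         // rejected before any SQL is built
}
print_r(search_by_name_safe($pdo, "O'"));                // the quote is data, not SQL
print_r(search_by_name_safe($pdo, '%'));                 // "%" is matched literally, so nothing matches
```

The point of the third function is that the post's `_`/`%` escaping is a LIKE-wildcard concern, separate from injection: binding the parameter already stops the value from changing the query, and the wildcard escaping only controls what the pattern matches. Swap `sqlite::memory:` for a `mysql:` DSN and the same code runs against MySQL; with MySQL, also set the connection charset in the DSN (`charset=utf8mb4`) so the server-side escaping the driver performs is charset-aware.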
PHP SQL anti-injection