PHP SQL anti-injection code set. SQL anti-injection code 1 (author: zhuyubing@gmail.com) opens with `if (!function_exists('quote')) { function quo…`; the complete listings follow below.
SQL anti-injection code 1
The code is as follows:
/**
* SQL Injection Prevention
* @ Author: zhuyubing@gmail.com
**/
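/**
 * Wrap a value in single quotes for use as a string literal in a SQL statement.
 *
 * Backslashes and single quotes are both backslash-escaped. The earlier
 * version escaped only the single quote, so a backslash already present in the
 * value passed through unchanged and could neutralise the escape placed in
 * front of a following quote.
 *
 * NOTE(review): this is byte-level escaping with no knowledge of the database
 * connection's character set or SQL mode. For statements that are actually
 * executed, bind values through prepared statements (PDO or mysqli) rather
 * than concatenating them into the SQL text.
 *
 * @param string $var Raw value, typically request input.
 * @return string The escaped value enclosed in single quotes ('' for an empty value).
 */
if (!function_exists('quote')) {
    function quote($var)
    {
        if (strlen($var)) {
            // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc()
            // itself in PHP 8.0, so probe for the function before calling it.
            if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
                $var = stripslashes($var);
            }
            // Order matters: backslashes first, so the backslash added in front
            // of each quote is not doubled afterwards.
            $var = str_replace(array('\\', "'"), array('\\\\', "\\'"), $var);
        }
        return "'" . $var . "'";
    }
}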
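if (!function_exists('hash_num')) {
    /**
     * Compute a simple multiplicative string hash (seed 5381, hash * 33 + byte).
     *
     * The earlier version declared the parameter as $input but iterated over
     * an undefined $str, so every call returned the seed value 5381. It also
     * used the curly-brace string offset syntax, which PHP 8 no longer accepts.
     *
     * NOTE(review): this is not a cryptographic hash and gives no collision
     * resistance; do not use it for integrity checks, tokens or passwords.
     * No masking is applied, so for long inputs the value leaves PHP's integer
     * range and the result becomes platform-dependent.
     *
     * @param string $input Bytes to hash.
     * @return int|float Hash value; 5381 for an empty string.
     */
    function hash_num($input)
    {
        $hash = 5381;
        $length = strlen($input);
        for ($i = 0; $i < $length; $i++) {
            // ($hash << 5) + $hash is $hash * 33.
            $hash = (($hash << 5) + $hash) + ord($input[$i]);
        }
        return $hash;
    }
}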
/**************** End ********************** ***/
?>
The code is as follows:
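/**
 * Anti-SQL-injection test code.
 *
 * Prints the hash of a sample string and the INSERT statement that results
 * from passing request parameters through quote(). The statement is only
 * dumped, never executed.
 *
 * Table the statement targets (identifier quoting restored to backticks;
 * names are written as they appear in the listing):
 *
 *   CREATE TABLE IF NOT EXISTS `TB` (
 *     `id`   int(10) unsigned NOT NULL auto_increment,
 *     `age`  tinyint(3) unsigned NOT NULL,
 *     `name` char(100) NOT NULL,
 *     `note` text NOT NULL,
 *     PRIMARY KEY (`id`)
 *   ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
 *
 * NOTE(review): code that runs the query should bind $age, $name and $note
 * through a prepared statement instead of interpolating them into the SQL
 * string; interpolation is kept here only to show what quote() produces.
 */
// File name as shown in the listing; the extraction may have altered its case.
include_once('Common.php');

var_dump(hash_num('ddddd'));

// With no query string, fall back to sample values that contain quotes,
// backslashes, a newline and a comment marker.
if (empty($_GET)) {
    $_GET = array(
        'age'  => '99',
        'name' => 'A\'B\'C";',
        'note' => "A'B\\'\nc#",
    );
}

// Request parameters can be missing or arrive as arrays (name[]=x); accept
// only scalar strings and default everything else to an empty value.
$rawName = (isset($_GET['name']) && is_string($_GET['name'])) ? $_GET['name'] : '';
$rawNote = (isset($_GET['note']) && is_string($_GET['note'])) ? $_GET['note'] : '';

$age  = isset($_GET['age']) ? (int) $_GET['age'] : 0; // integer cast: nothing but digits can reach the SQL text
$name = quote($rawName);
$note = quote($rawNote);

$sql = "INSERT INTO `TB` (`age`, `name`, `note`) VALUES
($age, $name, $note)";
var_dump($sql);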
?>
PHP SQL injection prevention, code 2:
The code is as follows:
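// get_magic_quotes_gpc() was removed in PHP 8.0; treat its absence as "off".
$magic_quotes_gpc = function_exists('get_magic_quotes_gpc') ? get_magic_quotes_gpc() : false;

// NOTE(review): extract() on request arrays turns every request parameter
// into a variable in the current scope, which is the behaviour register_globals
// was removed for. Without a flag it also overwrites variables that already
// exist, including $magic_quotes_gpc, the switch daddslashes() reads to decide
// whether to escape at all. EXTR_SKIP leaves existing variables untouched.
// The calls run GET, POST, COOKIE so that, with EXTR_SKIP, GET still takes
// precedence over POST and POST over COOKIE, as in the earlier ordering.
// Prefer reading $_GET/$_POST/$_COOKIE explicitly and dropping extract().
@extract(daddslashes($_GET), EXTR_SKIP);
@extract(daddslashes($_POST), EXTR_SKIP);
@extract(daddslashes($_COOKIE), EXTR_SKIP);

if (!$magic_quotes_gpc) {
    $_FILES = daddslashes($_FILES);
}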
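/**
 * Apply addslashes() to a string, or recursively to every value of an array.
 *
 * Escaping is skipped when the global $magic_quotes_gpc flag is truthy, unless
 * $force is set. A missing flag is treated as "off" (escape), without raising
 * an undefined-index notice.
 *
 * NOTE(review): only array values are escaped; array keys are returned as
 * received. addslashes() is not aware of the database connection's character
 * set, so this is not a substitute for prepared statements on executed queries.
 *
 * @param string|array $string Value or (nested) array of values to escape.
 * @param int          $force  Non-zero to escape even when magic quotes are on.
 * @return string|array The input with addslashes() applied where required.
 */
function daddslashes($string, $force = 0)
{
    $alreadyEscaped = !empty($GLOBALS['magic_quotes_gpc']);
    if ($alreadyEscaped && !$force) {
        return $string;
    }

    if (is_array($string)) {
        foreach ($string as $key => $val) {
            $string[$key] = daddslashes($val, $force);
        }
        return $string;
    }

    return addslashes($string);
}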
?>
PHP SQL injection prevention, code 3
The code is as follows:
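/**
 * Screen a request value against a keyword denylist and stop the request on a hit.
 *
 * The earlier version called eregi(), which was removed in PHP 7; the same
 * case-insensitive match is done here with preg_match(). The token list is
 * reconstructed from the listing, whose escaping was lost in extraction:
 * verify it against the original before relying on it.
 *
 * NOTE(review): a keyword denylist is both over-broad (ordinary text that
 * contains words such as "into" or "update", or an apostrophe, is rejected)
 * and incomplete as a defence. Treat it as an extra input filter at most;
 * the protection against SQL injection is binding values through prepared
 * statements.
 *
 * @param string $sql_str Value to screen.
 * @return string The unchanged value when no token matches; on a match the
 *                function prints a message and terminates the script.
 */
function inject_check($sql_str)
{
    $denylist = '~select|insert|update|delete|\'|/\*|\*|\.\./|\./|union|into|load_file|outfile~i';

    if (preg_match($denylist, $sql_str)) {
        echo "illegal injection content entered!";
        exit();
    }

    return $sql_str;
}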
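/**
 * Redirect the request when the Referer host differs from the Host header.
 *
 * The earlier version read $_server, which is not the $_SERVER superglobal
 * (PHP variable names are case-sensitive), so both sides of the comparison
 * were empty and the check never fired. A missing Referer now counts as a
 * mismatch, and the comparison is strict so numeric-looking host strings are
 * not compared as numbers.
 *
 * NOTE(review): both headers are supplied by the client, and Referer is often
 * stripped by browsers and proxies. This check can reduce casual hot-linking
 * but is not an authentication or CSRF control; state-changing requests need
 * a per-session token.
 *
 * @return void Returns normally on a match; otherwise sends a Location header
 *              and terminates the script.
 */
function checkurl()
{
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $host    = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';

    // Reduce both values to a bare host name: drop scheme, port and path.
    $refererHost = preg_replace('~https?://([^:/]+).*~i', '\\1', $referer);
    $ownHost     = preg_replace('~([^:]+).*~', '\\1', $host);

    if ($refererHost === '' || $refererHost !== $ownHost) {
        header('Location: http://s.jb51.net');
        exit();
    }
}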
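// Usage: check the request origin first, then screen the parameter as it is read.
checkurl();

// The earlier version read $_get (not the $_GET superglobal) and then passed an
// undefined $sql_str to inject_check(), so the value actually used was never
// screened. Read the parameter once, default it when absent, and keep the
// value inject_check() returns.
$str = (isset($_GET['url']) && is_string($_GET['url'])) ? $_GET['url'] : '';
$str = inject_check($str); // screen the parameter at the point where it is obtained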