Filtering SQL injection from $_GET and $_POST in PHP
This article describes how to filter SQL injection in $_GET and $_POST in PHP. The specific analysis is as follows:
This function can only filter some sensitive SQL commands; for input such as id=1 you still need to add simple filtering yourself.
The main implementation code is as follows:
// Escape request data only when magic quotes has not already done so.
// get_magic_quotes_gpc() exists in PHP 4/5 and was removed in PHP 8.0.
if (!get_magic_quotes_gpc())
{
    if (!empty($_GET))
    {
        $_GET = addslashes_deep($_GET);
    }
    if (!empty($_POST))
    {
        $_POST = addslashes_deep($_POST);
    }
    $_COOKIE = addslashes_deep($_COOKIE);
    $_REQUEST = addslashes_deep($_REQUEST);
}
// Apply addslashes() recursively to a string or a (nested) array.
function addslashes_deep($value)
{
    if (empty($value))
    {
        return $value;
    }
    else
    {
        return is_array($value) ? array_map('addslashes_deep', $value) : addslashes($value);
    }
}
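The caveat above about parameters such as id=1 can be seen in the following added example (not code from the original article), which runs a constructed quote-free value through addslashes_deep() and compares a concatenated query with a type-checked, parameterized one. It assumes the pdo_sqlite extension is available; the users table, its rows and find_user_names() are made up for illustration.

```php
<?php
// Added example: constructed data, in-memory SQLite, hypothetical "users" table.
function addslashes_deep($value)
{
    if (empty($value)) {
        return $value;
    }
    return is_array($value) ? array_map('addslashes_deep', $value) : addslashes($value);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Constructed request value for a numeric parameter; it contains no quote characters.
$request = addslashes_deep(array('id' => '1 OR 1=1'));
$id = $request['id'];   // unchanged: addslashes() only escapes ' " \ and NUL

// Weak: the "filtered" value is concatenated into an unquoted numeric context.
$weakRows = $pdo->query('SELECT name FROM users WHERE id = ' . $id)
                ->fetchAll(PDO::FETCH_COLUMN);

// Hardened: check the type first, then bind the value as a parameter.
function find_user_names(PDO $pdo, $rawId)
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return array();   // not an integer: reject instead of querying
    }
    $stmt = $pdo->prepare('SELECT name FROM users WHERE id = ?');
    $stmt->execute(array($id));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

printf("value after addslashes_deep: %s\n", $id);
printf("rows from concatenated query: %d\n", count($weakRows));
printf("rows from bound query, same input: %d\n", count(find_user_names($pdo, $id)));
printf("rows from bound query, id=1: %d\n", count(find_user_names($pdo, '1')));
```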
I hope this article will help you with PHP programming.
PHP: filtering SQL injection (beginner)
In the PHP4 environment, I wrote some code against SQL injection, which is compatible with PHP5. You are welcome to modify the code and use it.
The code is as follows:
/*
sqlin anti-injection class
*/
class sqlin
{
    // dowith_sql($value)
    function dowith_sql($str)
    {
        $str = str_replace("and", "", $str);
        $str = str_replace("execute", "", $str);
        $str = str_replace("update", "", $str);
        $str = str_replace("count", "", $str);
        $str = str_replace("chr", "", $str);
        $str = str_replace("mid", "", $str);
        $str = str_replace("master", "", $str);
        $str = str_replace("truncate", "", $str);
        $str = str_replace("char", "", $str);
        $str = str_replace("declare", "", $str);
        $str = str_replace("select", "", $str);
        $str = str_replace("create", "", $str);
        $str = str_replace("delete", "", $str);
        $str = str_replace("insert", "", $str);
        $str = str_replace("'", "", $str);
        $str = str_replace("", "", $str);
        $str = str_replace("", "", $str);
        $str = str_replace("or", "", $str);
        $str = str_replace("=", "", $str);
        $str = str_replace("%20", "", $str);
        // echo $str;
        return $str;
    }
    // Aticle() anti-SQL injection function
    function sqlin()
    {
        foreach ($_GET as $key => $value)
        {
            $_GE ......
PHP anti-SQL-injection and filtering problems with ThinkPHP
Use get_magic_quotes_gpc() to determine whether filtering is already enabled; if it is not enabled, use either of the following two filters:
mysql_real_escape_string(); used in SQL statements
addslashes();
For example:
if (!get_magic_quotes_gpc()) {
    $lastname = addslashes($_POST['lastname']);
    // or mysql_real_escape_string($_POST['lastname'])
} else {
    $lastname = $_POST['lastname'];
}