Filtering input values and form-submission parameters to prevent SQL injection and other illegal attack methods:
The code is as follows:
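/**
 * Strip a fixed list of SQL keywords and path / comment tokens from a value.
 *
 * Removal is repeated until the value stops changing, because a single
 * str_ireplace() pass is not idempotent: deleting one token can leave a new
 * occurrence of another token behind.
 *
 * This is a blacklist, not an injection defence. It also mangles legitimate
 * text that merely contains one of the words (e.g. "deleted", "Union Street")
 * and it cannot make concatenated SQL safe; queries must use prepared
 * statements with bound parameters, and this helper at most reduces noise.
 *
 * @param string $string raw input value
 * @return string the value with every listed token removed (case-insensitive)
 * @author ZRP <[email protected]>
 */
private function filter_keyword($string)
{
    // Tokens are plain literals. The original kept them in one '|'-separated
    // string with regex-style escapes (\/\*, \*, \.\.\/, \.\/); str_ireplace()
    // does no regex, so those backslashes were matched literally and the
    // intended tokens "/*", "*", "../" and "./" were never removed.
    $tokens = [
        'select', 'insert', 'update', 'delete',
        "'",   // single quote; the page shows only a bare backslash here, the quote was lost in extraction
        '/*', '*', '../', './',
        'union', 'into', 'load_file', 'outfile',
    ];

    // Repeat until a pass removes nothing; the string only ever shrinks, so
    // the loop terminates.
    $result = $string;
    do {
        $previous = $result;
        $result = str_ireplace($tokens, '', $previous);
    } while ($result !== $previous);

    return $result;
}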
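/**
 * Check whether the entered number is a legal identifier; return it as an int,
 * otherwise return false.
 *
 * Validation is done with FILTER_VALIDATE_INT instead of keyword stripping
 * followed by is_numeric(): stripping could turn a non-numeric value into a
 * number (digits on either side of a removed keyword were joined together),
 * and is_numeric() accepts floats and exponent notation that are not
 * identifiers. A value that passes here is a plain integer and can be bound
 * to a prepared statement as such.
 *
 * @param int|string $id raw input value
 * @return int|false the validated integer (0 and negatives included), or false
 * @author ZRP <[email protected]>
 */
protected function check_id($id)
{
    // Only ints and strings can carry an identifier; bool, null, arrays and
    // objects are rejected up front (filter_var() would turn true into 1).
    if (!is_int($id) && !is_string($id)) {
        return false;
    }

    // Returns false for '', '12abc', '1.5', '1e3'; compared with === because
    // 0 is a valid result.
    $validated = filter_var($id, FILTER_VALIDATE_INT);

    return $validated === false ? false : $validated;
}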
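/**
 * Check whether the entered text is legal and return it processed, otherwise
 * return false.
 *
 * Pipeline: keyword filtering, addslashes(), escaping of the LIKE wildcard
 * "%", HTML-escaping, then nl2br(). The result is therefore already
 * HTML-escaped and only suitable for direct output into HTML. It is NOT a
 * substitute for prepared statements when the value reaches SQL: addslashes()
 * is not charset-aware and is not a driver-specific escape.
 *
 * @param string $string raw input value
 * @return string|false the processed value, or false for empty or non-scalar input
 * @author ZRP <[email protected]>
 */
protected function check_str($string)
{
    // Arrays and objects have no meaningful string form here; null counts as
    // "nothing submitted".
    if (!is_scalar($string)) {
        return false;
    }

    $var = $this->filter_keyword((string) $string); // keywords for filtering SQL and PHP file operations

    // Explicit comparison rather than empty(): the string "0" is a valid value.
    if ($var === '') {
        return false;
    }

    // get_magic_quotes_gpc() was removed in PHP 8.0 (magic quotes themselves
    // in 5.4), so the slashes are always added. Applied to the filtered value;
    // the original applied it to the raw $string and silently discarded the
    // keyword filtering done above.
    $var = addslashes($var);

    //$var = str_replace("_", "\_", $var); // Filter out the _
    $var = str_replace('%', '\%', $var); // escape the LIKE wildcard %

    // HTML-escape first, then convert newlines: in the original order the
    // <br /> tags inserted by nl2br() were themselves escaped to &lt;br /&gt;.
    $var = htmlspecialchars($var, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return nl2br($var);
}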
Filtering input values and form-submission parameters to prevent SQL injection and other illegal attack methods:
The code is as follows:
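/**
 * Strip a fixed list of SQL keywords and path / comment tokens from a value.
 *
 * Removal is repeated until the value stops changing, because a single
 * str_ireplace() pass is not idempotent: deleting one token can leave a new
 * occurrence of another token behind.
 *
 * This is a blacklist, not an injection defence. It also mangles legitimate
 * text that merely contains one of the words (e.g. "deleted", "Union Street")
 * and it cannot make concatenated SQL safe; queries must use prepared
 * statements with bound parameters, and this helper at most reduces noise.
 *
 * @param string $string raw input value
 * @return string the value with every listed token removed (case-insensitive)
 * @author ZRP <[email protected]>
 */
private function filter_keyword($string)
{
    // Tokens are plain literals. The original kept them in one '|'-separated
    // string with regex-style escapes (\/\*, \*, \.\.\/, \.\/); str_ireplace()
    // does no regex, so those backslashes were matched literally and the
    // intended tokens "/*", "*", "../" and "./" were never removed.
    $tokens = [
        'select', 'insert', 'update', 'delete',
        "'",   // single quote; the page shows only a bare backslash here, the quote was lost in extraction
        '/*', '*', '../', './',
        'union', 'into', 'load_file', 'outfile',
    ];

    // Repeat until a pass removes nothing; the string only ever shrinks, so
    // the loop terminates.
    $result = $string;
    do {
        $previous = $result;
        $result = str_ireplace($tokens, '', $previous);
    } while ($result !== $previous);

    return $result;
}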
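/**
 * Check whether the entered number is a legal identifier; return it as an int,
 * otherwise return false.
 *
 * Validation is done with FILTER_VALIDATE_INT instead of keyword stripping
 * followed by is_numeric(): stripping could turn a non-numeric value into a
 * number (digits on either side of a removed keyword were joined together),
 * and is_numeric() accepts floats and exponent notation that are not
 * identifiers. A value that passes here is a plain integer and can be bound
 * to a prepared statement as such.
 *
 * @param int|string $id raw input value
 * @return int|false the validated integer (0 and negatives included), or false
 * @author ZRP <[email protected]>
 */
protected function check_id($id)
{
    // Only ints and strings can carry an identifier; bool, null, arrays and
    // objects are rejected up front (filter_var() would turn true into 1).
    if (!is_int($id) && !is_string($id)) {
        return false;
    }

    // Returns false for '', '12abc', '1.5', '1e3'; compared with === because
    // 0 is a valid result.
    $validated = filter_var($id, FILTER_VALIDATE_INT);

    return $validated === false ? false : $validated;
}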
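/**
 * Check whether the entered text is legal and return it processed, otherwise
 * return false.
 *
 * Pipeline: keyword filtering, addslashes(), escaping of the LIKE wildcard
 * "%", HTML-escaping, then nl2br(). The result is therefore already
 * HTML-escaped and only suitable for direct output into HTML. It is NOT a
 * substitute for prepared statements when the value reaches SQL: addslashes()
 * is not charset-aware and is not a driver-specific escape.
 *
 * @param string $string raw input value
 * @return string|false the processed value, or false for empty or non-scalar input
 * @author ZRP <[email protected]>
 */
protected function check_str($string)
{
    // Arrays and objects have no meaningful string form here; null counts as
    // "nothing submitted".
    if (!is_scalar($string)) {
        return false;
    }

    $var = $this->filter_keyword((string) $string); // keywords for filtering SQL and PHP file operations

    // Explicit comparison rather than empty(): the string "0" is a valid value.
    if ($var === '') {
        return false;
    }

    // get_magic_quotes_gpc() was removed in PHP 8.0 (magic quotes themselves
    // in 5.4), so the slashes are always added. Applied to the filtered value;
    // the original applied it to the raw $string and silently discarded the
    // keyword filtering done above.
    $var = addslashes($var);

    //$var = str_replace("_", "\_", $var); // Filter out the _
    $var = str_replace('%', '\%', $var); // escape the LIKE wildcard %

    // HTML-escape first, then convert newlines: in the original order the
    // <br /> tags inserted by nl2br() were themselves escaped to &lt;br /&gt;.
    $var = htmlspecialchars($var, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return nl2br($var);
}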
An effective method of filtering input values and form-submission parameters to prevent SQL injection