A site-wide anti-injection method for PHP websites

Source: Internet
Author: User

While writing code today, it suddenly occurred to me: could a single file guard every place in a site where injection might occur? That would save time and code, because we would not have to filter each variable in every program.

We approach this from two points. The variables we receive usually arrive via GET or POST, so if we simply filter the variables that come in through GET and POST, we can achieve the effect of preventing injection. PHP is very convenient here: it has two built-in arrays, $_GET and $_POST, that hold all of these variables, so all we have to do is filter each variable in them.

Here's a look at the specific code:

<?php
/* Author: heiyeluren */
/* Filter all variables that arrive via GET */
$get = array();
foreach ($_GET as $get_key => $get_var)
{
    if (is_numeric($get_var)) {
        $get[strtolower($get_key)] = get_int($get_var);
    } else {
        $get[strtolower($get_key)] = get_str($get_var);
    }
}

/* Filter all variables that arrive via POST */
$post = array();
foreach ($_POST as $post_key => $post_var)
{
    if (is_numeric($post_var)) {
        $post[strtolower($post_key)] = get_int($post_var);
    } else {
        $post[strtolower($post_key)] = get_str($post_var);
    }
}

/* Filter functions */
// Integer filter function
function get_int($number)
{
    return intval($number);
}
// String filter function
function get_str($string)
{
    // get_magic_quotes_gpc() was removed in PHP 8.0, so check that it exists before calling it
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        return addslashes($string);
    }
    return $string;
}

So we put the code above in a shared file, such as security.inc.php, and include that file from every script. Every variable submitted to any program is then filtered, which gives us the once-and-for-all effect we wanted. The filtered values are in $get and $post (with lowercased keys); $_GET and $_POST themselves are left unchanged.
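An added example, not heiyeluren's code: the page's filter wrapped in a function (the name filter_request is hypothetical) that also handles array-valued parameters, run on constructed sample input, followed by a PDO prepared statement that stores the raw value without any escaping. It assumes PHP 8 with the pdo_sqlite extension and uses an in-memory SQLite database.

```php
<?php
// Added example (not the original author's code). Assumes PHP 8 with pdo_sqlite.

// The page's two filters. magic_quotes_gpc is gone in PHP 8, so get_str()
// always applies addslashes().
function get_int($number) { return intval($number); }
function get_str($string) { return addslashes($string); }

// The page's foreach loop as a function (filter_request is a hypothetical name).
// Array-valued parameters are filtered recursively, because addslashes()
// only accepts a string.
function filter_request(array $input): array
{
    $out = [];
    foreach ($input as $key => $var) {
        $key = strtolower((string) $key);
        if (is_array($var)) {
            $out[$key] = filter_request($var);
        } elseif (is_numeric($var)) {
            $out[$key] = get_int($var);
        } else {
            $out[$key] = get_str($var);
        }
    }
    return $out;
}

// Constructed sample input standing in for $_GET.
$sample = ['ID' => '42', 'Name' => "O'Brien", 'Price' => '19.99', 'Tags' => ['a', "b'c"]];
$get = filter_request($sample);
print_r($get);
// Things to notice in the output: 'Price' is numeric, so get_int() drops its
// fraction, and 'Name' gains a backslash that only means something to a
// database that uses backslash escapes.

// Bound parameters keep values out of the SQL text entirely, so the raw input
// can be stored as submitted, whatever quoting rules the database uses.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$stmt = $db->prepare('INSERT INTO users (id, name) VALUES (:id, :name)');
$stmt->execute([':id' => (int) $sample['ID'], ':name' => $sample['Name']]);

$row = $db->prepare('SELECT name FROM users WHERE id = :id');
$row->execute([':id' => $get['id']]);
echo $row->fetchColumn(), PHP_EOL;
```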

In addition, there are other filtering methods, such as the keyword-filtering method I used before: http://dev.csdn.net/article/71/71475.shtm
You can also refer to the method written by Three-Foot Ice: http://www.fanghei.com/html/2005-06/20050607114008.htm

The methods differ, but the core aim is the same: to make our code more secure.

Author:heiyeluren
Date:2005-7-20



