Perfect php anti-SQL injection code. A perfect php anti-SQL injection code. many beginners have experience in SQL injection. today we will share with you a complete SQL anti-injection code, if you have a need, you can refer to a perfect php anti-SQL injection code. many beginners have experience in SQL injection, today we will share with you a relatively complete SQL anti-injection code. if you need it, refer/
The code is as follows: |
|
/************************* Note: Determines whether the passed variable contains invalid characters. Such as $ _ POST and $ _ GET Function: Anti-injection *************************/ // Invalid characters to be filtered $ ArrFiltrate = array ("'", "or", "and", "union", "where "); // The url to be redirected after an error occurs. If this parameter is left blank, the previous page is displayed by default. $ StrGoUrl = ""; // Whether the value in the array exists Function FunStringExist ($ StrFiltrate, $ ArrFiltrate ){ Foreach ($ ArrFiltrate as $ key => $ value ){ If (eregi ($ value, $ StrFiltrate )){ Return true; } } Return false; } // Merge $ _ POST and $ _ GET If (function_exists (array_merge )){ $ ArrPostAndGet = array_merge ($ HTTP_POST_VARS, $ HTTP_GET_VARS ); } Else { Foreach ($ HTTP_POST_VARS as $ key => $ value ){ $ ArrPostAndGet [] = $ value; } Foreach ($ HTTP_GET_VARS as $ key => $ value ){ $ ArrPostAndGet [] = $ value; } } // Verification starts Foreach ($ ArrPostAndGet as $ key => $ value ){ If (FunStringExist ($ value, $ ArrFiltrate )){ Echo" |