PHP: filtering special characters, and a keyword-blacklist "anti-SQL-injection" filter (the filter below is not a substitute for prepared statements)
<?php
Method one: escape quote characters (', ") before a value is placed in an SQL string
addslashes();
Caveat: addslashes() is not a safe SQL escaper — it knows nothing about the database connection's character set. Use prepared statements with bound parameters (PDO or mysqli) instead; at minimum use the driver's real_escape_string() on a connection whose charset has been set explicitly.
Method two: remove all HTML tags
strip_tags();
Caveat: strip_tags() discards legitimate markup and does not make a value safe to embed in an attribute or script context; escape for the output context with htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') at output time rather than stripping on input.
Method three: regex-filter tags and attributes that could execute code (a blacklist, so inherently incomplete)
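/**
 * Regex blacklist filter for markup that could execute code.
 *
 * Three replacements run in order over $STR:
 *   1. any run of whitespace collapses to a single space;
 *   2. opening/closing script, i?frame, style, html, body, title, link, meta
 *      tags and the `<?` / `<%` code-open tags are matched — with the
 *      replacement below they are re-emitted unchanged (a no-op); set that
 *      entry to "" to drop the matched tag instead;
 *   3. an `on<event>=` attribute name is removed from any tag, leaving the
 *      attribute value behind (`<a onclick="f()">` becomes `<a "f()">`).
 *
 * SECURITY (review): this is a blacklist, not a sanitiser. Nothing here
 * covers e.g. `javascript:` URLs in href/src, and the attribute values left
 * behind by step 3 are still untrusted text. Escape for the output context
 * (htmlspecialchars with ENT_QUOTES) instead of relying on this filter.
 *
 * The patterns below restore the backslashes and the escaped `/` and `?`
 * that were lost in the published listing ("/s+/" on its own would only
 * collapse runs of the letter s).
 *
 * @param string|array $STR  raw input; preg_replace filters arrays
 *                           element-wise
 * @return string|array      the filtered input, or "" (fail closed) when
 *                           PCRE reports an error — e.g. input that is not
 *                           valid UTF-8, which the /u modifier rejects
 */
function Php_sava($STR)
{
    $farr = array(
        "/\s+/",
        "/<(\/?)(script|i?frame|style|html|body|title|link|meta|\?|%)([^>]*?)>/isu",
        "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isu",
    );
    $tarr = array(
        " ",
        "<\\1\\2\\3>",  // to remove the unsafe tag outright, make this ""
        "\\1\\2",
    );
    $str = preg_replace($farr, $tarr, $STR);
    // preg_replace returns null on a PCRE error (bad UTF-8 under /u, backtrack
    // limit, ...); a filter must not hand null back as if it were clean input.
    return $str === null ? "" : $str;
}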
PHP "SQL anti-injection" code (a keyword blacklist: case-sensitive, single pass, and no replacement for prepared statements)
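/**
 * "Anti-injection" filter that strips a fixed list of SQL keywords and quote
 * characters from every $_GET and $_POST value when the class is instantiated.
 *
 * SECURITY (review): this is a keyword blacklist, not a defense against SQL
 * injection, and must not be relied on:
 *   - str_replace() is case-sensitive, so `SELECT`, `Select`, `sElEcT` pass
 *     through untouched (only the exact lowercase spellings are removed);
 *   - each keyword is removed in a single pass, so `selselectect` comes out
 *     as `select`;
 *   - it mangles legitimate input: any value containing `or`, `and`, `=`,
 *     a quote or an apostrophe is altered (`Florida` becomes `Flida`).
 * Use prepared statements (PDO/mysqli with bound parameters) instead, and
 * escape for the output context (htmlspecialchars) before echoing user data.
 *
 * Fixes relative to the published listing: the stray `Dowith_sql ($value)`
 * line that made the class unparsable is gone; the method body now filters
 * the parameter it receives (the listing declared `$STR` but filtered an
 * undefined `$str`); the debug `echo $str;` that reflected the unescaped
 * request value into the response (output pollution and a reflected-XSS
 * vector) is removed; and a PHP 5+/8 `__construct` is added, because PHP 8
 * no longer treats a method named after the class as a constructor, so
 * `new Sqlin()` would have filtered nothing there.
 */
class Sqlin
{
    /** Filters $_GET and $_POST in place as soon as the object is created. */
    public function __construct()
    {
        $this->sqlin();
    }

    /**
     * Remove the blacklisted substrings from one request value.
     *
     * The keyword list is lowercase, matching the HTML-entity variant later on
     * this page (its entities encode lowercase initials such as &#115; = "s").
     * str_replace() with an array search applies the entries sequentially,
     * exactly like the original chain of single calls.
     *
     * @param string|array $str  a $_GET/$_POST value; PHP delivers arrays for
     *                           `?a[]=1`, which str_replace() filters
     *                           element-wise
     * @return string|array      the value with the listed substrings removed
     */
    public function dowith_sql($str)
    {
        $blacklist = array(
            "and", "execute", "update", "count", "chr", "mid", "master",
            "truncate", "char", "declare", "select", "create", "delete",
            "insert",
            "'", "\"",
            // NOTE(review): the published listing also had an unreadable
            // str_replace("", "", $str) here. As printed it is a no-op (empty
            // search string), so it is dropped; confirm against the upstream
            // source whether " " (a plain space) was intended.
            "or", "=", "%20",
        );
        return str_replace($blacklist, "", $str);
    }

    /**
     * Filter every $_GET and $_POST value in place.
     *
     * Kept as a public method because it was the PHP 4-style constructor in
     * the original; __construct() now delegates to it.
     */
    public function sqlin()
    {
        foreach ($_GET as $key => $value) {
            $_GET[$key] = $this->dowith_sql($value);
        }
        foreach ($_POST as $key => $value) {
            $_POST[$key] = $this->dowith_sql($value);
        }
    }
}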
// Creating the filter object rewrites $_GET and $_POST in place as a side effect.
$dbsql = new Sqlin();
?>
===================================================================================
How to use:
Copy the code above into a new file, sqlin.php, and include it from every page that reads GET or POST data; instantiating Sqlin rewrites $_GET and $_POST in place.
Principle:
Every substring in the keyword list is replaced with the empty string. Because str_replace() is case-sensitive and makes one pass per keyword, differently-cased keywords pass through and a keyword can be reassembled from the remains of another; legitimate words containing `or` or `and` are mangled as well.
This code cannot be used as-is in a guestbook: it deletes the listed words from ordinary message text. For a guestbook, replace the block of lines from
.......
$str = str_replace("and", "", $str);
down to
$str = str_replace("%20", "", $str);
...
with the following, which rewrites each keyword's first letter as an HTML numeric entity (so the text still displays as typed) instead of deleting it. Note that this stores HTML-encoded text in the database, and it shares the deleting version's weaknesses (case-sensitive, single pass, not a substitute for prepared statements):
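// Guestbook variant: drop-in replacement for the str_replace() chain inside
// Sqlin::dowith_sql(). Instead of deleting each keyword it rewrites the first
// letter as an HTML numeric entity (&#97; is "a"), so the text still displays
// as typed while the literal keyword no longer occurs in $str. The entities
// below restore the "&#NN;" form that was split by spaces in the published
// listing.
// $str is the request value being filtered (set by the enclosing method).
// Same caveats as the deleting version: str_replace() is case-sensitive,
// runs one pass per keyword, and none of this replaces prepared statements.
$str = str_replace("and", "&#97;nd", $str);
$str = str_replace("execute", "&#101;xecute", $str);
$str = str_replace("update", "&#117;pdate", $str);
$str = str_replace("count", "&#99;ount", $str);
$str = str_replace("chr", "&#99;hr", $str);
$str = str_replace("mid", "&#109;id", $str);
$str = str_replace("master", "&#109;aster", $str);
$str = str_replace("truncate", "&#116;runcate", $str);
$str = str_replace("char", "&#99;har", $str);
$str = str_replace("declare", "&#100;eclare", $str);
$str = str_replace("select", "&#115;elect", $str);
$str = str_replace("create", "&#99;reate", $str);
$str = str_replace("delete", "&#100;elete", $str);
$str = str_replace("insert", "&#105;nsert", $str);
$str = str_replace("'", "&#39;", $str);
$str = str_replace("\"", "&#34;", $str);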
?>