PHP anti-SQL injection attack collection

There is not much filtering to do; this is mainly for the combination of PHP and MySQL. General anti-injection can be handled with PHP's addslashes function. Here is a copy of the code:

PHP code:

    $_POST = sql_injection($_POST);
    $_GET = sql_injection($_GET);

    function sql_injection($content)
    {
        // get_magic_quotes_gpc() was removed in PHP 8.0, so check that it exists before calling it
        if (!(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())) {
            if (is_array($content)) {
                foreach ($content as $key => $value) {
                    // recurse so that nested arrays (e.g. a[]=1) are handled too
                    $content[$key] = sql_injection($value);
                }
            } else {
                // the result must be assigned; addslashes() does not modify its argument
                $content = addslashes($content);
            }
        }
        return $content;
    }

When building a system, you can use the following code, also copied.

PHP code:

    function inject_check($sql_str)
    {
        // filtering (eregi() was removed in PHP 7.0; preg_match() with the /i flag replaces it)
        return preg_match('/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i', $sql_str);
    }

    function verify_id($id = null)
    {
        if (!$id) {
            exit('no submit parameter!');              // empty check
        } elseif (inject_check($id)) {
            exit('arguments submitted are illegal!');  // injection check
        } elseif (!is_numeric($id)) {
            exit('arguments submitted are illegal!');  // numeric check
        }
        $id = intval($id);                             // convert to integer
        return $id;
    }

    function str_check($str)
    {
        // only escape if magic_quotes_gpc is not already on
        if (!(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())) {
            $str = addslashes($str);                   // filtering
        }
        $str = str_replace("_", "\_", $str);           // escape '_'
        $str = str_replace("%", "\%", $str);           // escape '%'
        return $str;
    }

    function post_check($post)
    {
        // only escape if magic_quotes_gpc is not already on
        if (!(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())) {
            $post = addslashes($post);                 // filter the submitted data
        }
        $post = str_replace("_", "\_", $post);         // escape '_'
        $post = str_replace("%", "\%", $post);         // escape '%'
        // escape HTML before converting newlines, so the inserted <br /> tags are not escaped themselves
        $post = htmlspecialchars($post);               // HTML tag conversion
        $post = nl2br($post);                          // newline conversion
        return $post;
    }
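The same two jobs as verify_id() and str_check() above (an integer id, and a search string whose `_` and `%` must not act as LIKE wildcards), written with PDO prepared statements so the values are bound as parameters rather than escaped into the SQL text. This is an added example, not code from the original page. The function names, the `articles` table and its rows are constructed for illustration, and it assumes the pdo_sqlite extension so that it runs against an in-memory database.

```php
<?php
// Added example: constructed table and rows in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO articles (title) VALUES
            ('100% cotton'), ('snake_case'), ('O''Reilly'), ('plain')");

// Integer parameter: validate the type, then bind it as an integer.
// Hypothetical helper; returns null when the input is not a positive integer
// or when no row matches.
function find_by_id(PDO $pdo, $raw): ?array
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // rejected before any query is built
    }
    $stmt = $pdo->prepare('SELECT id, title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// LIKE search: the value is bound, and the wildcards % and _ are escaped
// with an explicit ESCAPE character ('!'), which is escaped first itself.
// Hypothetical helper; returns the matching titles.
function search_title(PDO $pdo, string $term): array
{
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
    $stmt = $pdo->prepare(
        "SELECT title FROM articles WHERE title LIKE :pat ESCAPE '!' ORDER BY id"
    );
    $stmt->execute([':pat' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

var_dump(find_by_id($pdo, '3'));        // a valid id
var_dump(find_by_id($pdo, '3 or more')); // not an integer
print_r(search_title($pdo, '%'));        // '%' treated as a literal character
print_r(search_title($pdo, '_'));        // '_' treated as a literal character
print_r(search_title($pdo, "O'Reilly")); // quote carried by the bound parameter
```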