PHP general anti-injection and injection details.
A general-purpose anti-injection routine in PHP mainly filters SQL commands out of the values passed in through POST and GET. Filtering out illegal characters prevents basic injection; the Apache server also has to be installed and configured with security in mind. Both the administrator username and password are encrypted using MD5, which effectively prevents PHP injection.
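The keyword filtering described above, set beside a parameterized query, as an added example that is not code from the original page: it runs the page's keyword list over constructed inputs and then passes the same inputs to a PDO prepared statement, where they are bound as data. The `users` table, the sample names, the helper names `blacklist_hit` and `find_user`, and the in-memory SQLite database (which needs the pdo_sqlite extension) are assumptions made for the illustration.

```php
<?php
// Added example, not from the original page. Table, columns and sample values are constructed.

// Keyword blacklist in the style the page describes: case-insensitive substring match.
function blacklist_hit(string $input, array $blacklist): bool
{
    foreach ($blacklist as $token) {
        if (stripos($input, $token) !== false) {
            return true;
        }
    }
    return false;
}

// Parameterized lookup: $name is bound as a value and is never parsed as SQL text.
function find_user(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$blacklist = ["'", ";", "union", "select", "insert", "update", "delete", "load_file", "outfile"];

// Constructed sample data: ordinary names, three of which contain blacklisted tokens.
$names = ["O'Brien", 'Credit Union Admin', 'Select Committee; Chair', 'alice'];

$db = new PDO('sqlite::memory:'); // assumption: pdo_sqlite is loaded
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

$insert = $db->prepare('INSERT INTO users (name) VALUES (:name)');
foreach ($names as $name) {
    $insert->execute([':name' => $name]); // quotes and keywords are stored as plain data
}

// Compare the two controls on the same inputs.
foreach ($names as $input) {
    $verdict = blacklist_hit($input, $blacklist) ? 'blocked' : 'allowed';
    $rows    = count(find_user($db, $input));
    printf("%-26s blacklist: %-8s rows via prepared query: %d\n", $input, $verdict, $rows);
}
```

The keyword list rejects ordinary values that happen to contain a quote, a semicolon or a word such as "union", while the bound parameter stores and looks up each of them unchanged.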
The server and MySQL also need security hardening.
For Linux server security settings:
Use the "/usr/sbin/authconfig" tool to enable the shadow password function, so that passwords are stored encrypted.
Prohibit access to important files. Go to the Linux command line and enter:
# chmod 600 /etc/inetd.conf   # change the file permissions to 600; make sure the file owner is root
# chattr +i /etc/inetd.conf   # set the immutable flag to restrict changes to this file
# chattr -i /etc/inetd.conf   # clear the immutable flag again when the file has to be edited
Prohibit any user from changing to the root user through the su command (with the lines below, only members of the wheel group can still do so).
Add the following two lines at the beginning of the su configuration file under /etc/pam.d:
auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/pam_wheel.so group=wheel
Delete all special accounts:
# userdel lp    # delete users such as lp
# groupdel lp   # delete groups such as lp
Disable unused suid/sgid programs. List them with:
# find / -type f \( -perm -04000 -o -perm -02000 \) -exec ls -lg {} \;
// Characters and keywords to reject
$arrfiltrate = array("'", ";", "union", "select", "insert", "update", "delete", "load_file", "outfile");
// URL to jump to after an error
$strgourl = "";
// Returns true if any entry of $arrfiltrate occurs in $strfiltrate
function funstringexist($strfiltrate, $arrfiltrate)
{
    foreach ($arrfiltrate as $key => $value)
    {
        // eregi() was removed in PHP 7; stripos() does the same case-insensitive match for these literal tokens
        if (stripos($strfiltrate, $value) !== false)
        {
            return true;
        }
    }
    return false;
}
// Merge $_POST, $_GET and $_COOKIE (the long $HTTP_*_VARS arrays were removed in PHP 5.4)
$string = "";
if (function_exists('array_merge'))
{
    $arrpostgetcookiesession = array_merge($_POST, $_GET, $_COOKIE);
    $string = implode("", $arrpostgetcookiesession);
}
// Verify
if (funstringexist($string, $arrfiltrate))
{
    echo "