PHP: a simple way to implement SQL injection prevention

This example describes a simple way to implement SQL injection prevention in PHP. We share it here for your reference. The details are as follows:
There is not much filtering here; it is mainly aimed at the combination of PHP and MySQL.
For general anti-injection, you only need to use PHP's addslashes function.
The following is the code:
PHP code:

```php
<?php
// Escape quotes, backslashes and NUL bytes in every submitted value (recursing
// into nested arrays) unless magic_quotes_gpc has already done so.
function sql_injection($content)
{
    // get_magic_quotes_gpc() was removed in PHP 8; guard the call so the filter
    // still runs there (magic quotes are always off on modern PHP).
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return $content;
    }
    if (is_array($content)) {
        foreach ($content as $key => $value) {
            $content[$key] = sql_injection($value);
        }
    } else {
        $content = addslashes($content); // the original discarded this return value
    }
    return $content;
}

$_POST = sql_injection($_POST);
$_GET  = sql_injection($_GET);
```
For use across a whole system, the following helper functions can be used:
PHP code:

```php
<?php
// Keyword/character blacklist used by verify_id(). eregi() was removed in PHP 7,
// so the same case-insensitive pattern is run through preg_match(). Note that it
// matches these words anywhere in the value, including inside ordinary text.
function inject_check($sql_str)
{
    return preg_match('/select|insert|update|delete|\'|\/\*|\.\.\/|\.\/|union|into|load_file|outfile/i', $sql_str); // filter
}

function verify_id($id = null)
{
    if (!$id) {
        exit('No parameter submitted!');             // was a parameter submitted at all?
    } elseif (inject_check($id)) {
        exit('The submitted parameter is invalid!'); // injection check
    } elseif (!is_numeric($id)) {
        exit('The submitted parameter is invalid!'); // numeric check
    }
    $id = intval($id); // force an integer
    return $id;
}

function str_check($str)
{
    // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() in PHP 8;
    // guard the call so this still runs on modern PHP (always escaping there).
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        $str = addslashes($str);          // filter
    }
    $str = str_replace("_", "\_", $str);  // escape '_'
    $str = str_replace("%", "\%", $str);  // escape '%'
    return $str;
}

function post_check($post)
{
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        $post = addslashes($post);         // filter submitted data when magic_quotes_gpc is off
    }
    $post = str_replace("_", "\_", $post); // escape '_'
    $post = str_replace("%", "\%", $post); // escape '%'
    $post = nl2br($post);                  // convert newlines to <br />
    $post = htmlspecialchars($post);       // convert HTML special characters (this also encodes the <br /> just inserted)
    return $post;
}
```
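As an added example (not code from the original article), the same two lookups written with PDO bound parameters: a value containing a quote needs no addslashes() at all, while the '_' and '%' escaping that str_check() performs is still needed inside a LIKE pattern. It assumes PDO with an in-memory SQLite database standing in for MySQL so it runs offline (the prepare/execute calls are identical with a mysql: DSN), and like_escape() is a hypothetical helper named here for illustration.

```php
<?php
// Added example, not part of the original article. SQLite in memory stands in
// for MySQL so the script runs offline; the PDO calls are the same for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('O''Brien'), ('_admin')");

// Constructed inputs: a value containing a quote, and a search prefix that
// happens to be a LIKE wildcard character.
$name   = "O'Brien";
$prefix = "_";

// 1. Exact match. The value travels as a bound parameter, separate from the SQL
//    text, so no addslashes() is needed and the quote is matched literally.
$stmt = $db->prepare("SELECT id FROM users WHERE name = :name");
$stmt->execute([':name' => $name]);
$idOfOBrien = $stmt->fetchColumn();

// 2. Prefix search with LIKE. Binding prevents injection, but '%' and '_' keep
//    their wildcard meaning inside the pattern, which is what the article's
//    str_check() escaping addresses. The escape character itself goes first.
//    (MySQL uses '\' as the default LIKE escape character, so the ESCAPE
//    clause can be omitted there.)
function like_escape($s)
{
    return str_replace(['\\', '%', '_'], ['\\\\', '\%', '\_'], $s);
}
$stmt = $db->prepare("SELECT name FROM users WHERE name LIKE :p ESCAPE '\\'");

$stmt->execute([':p' => like_escape($prefix) . '%']); // pattern \_% : names starting with a literal '_'
$literal = $stmt->fetchAll(PDO::FETCH_COLUMN);

$stmt->execute([':p' => $prefix . '%']);              // pattern _%  : any non-empty name
$wildcard = $stmt->fetchAll(PDO::FETCH_COLUMN);

printf("id of %s: %d\n", $name, $idOfOBrien);
printf("escaped prefix matched %d row(s), unescaped prefix matched %d row(s)\n",
       count($literal), count($wildcard));
```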