This article describes a simple implementation of an SQL anti-injection method in PHP. It is shared here for your reference, as follows:
There is not much filtering here; it is aimed mainly at the PHP and MySQL combination.
For general anti-injection, using PHP's addslashes function is enough.
Here is the code, which can be copied directly:
PHP Code:
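// Escape every value in an array (or a single string) with addslashes()
function sql_injection($content) {
    // get_magic_quotes_gpc() was removed in PHP 8.0, so check that it exists first
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        if (is_array($content)) {
            foreach ($content as $key => $value) {
                $content[$key] = sql_injection($value); // recurse so nested arrays are handled
            }
        } else {
            $content = addslashes($content); // keep the escaped result
        }
    }
    return $content;
}

$_POST = sql_injection($_POST);
$_GET = sql_injection($_GET);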
When building a system, you can use the following code, which can also be copied directly.
PHP Code:
// Returns 1 when $sql_str contains an SQL keyword or a suspicious character sequence
function inject_check($sql_str) {
    // eregi() was removed in PHP 7.0; preg_match() with the /i flag is the equivalent
    return preg_match('/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i', $sql_str); // filter
}

function verify_id($id = null) {
    if (!$id) {
        exit('no submit parameter!');               // empty check
    } elseif (inject_check($id)) {
        exit('The argument submitted is illegal!'); // injection check
    } elseif (!is_numeric($id)) {
        exit('The argument submitted is illegal!'); // numeric check
    }
    $id = intval($id); // convert to integer
    return $id;
}

function str_check($str) {
    // Determine whether magic_quotes_gpc is on (the function no longer exists in PHP 8.0+)
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        $str = addslashes($str); // filter
    }
    $str = str_replace("_", "\_", $str); // escape '_'
    $str = str_replace("%", "\%", $str); // escape '%'
    return $str;
}

function post_check($post) {
    // Determine whether magic_quotes_gpc is on (the function no longer exists in PHP 8.0+)
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        $post = addslashes($post); // magic_quotes_gpc is off, so filter the submitted data
    }
    $post = str_replace("_", "\_", $post); // escape '_'
    $post = str_replace("%", "\%", $post); // escape '%'
    // Escape HTML first, then convert newlines, so the <br /> tags added by nl2br() are not escaped
    $post = htmlspecialchars($post); // convert HTML tags
    $post = nl2br($post);            // convert line breaks
    return $post;
}
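An added example, not part of the original article: the verify_id and str_check checks rewritten with PDO prepared statements, which keep the input out of the SQL text; the PHP manual recommends prepared statements or database-specific escaping over addslashes for SQL. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, and the articles table, its rows, the '!' escape character, and the function names find_by_id and search_title are constructed for illustration.

```php
<?php
// Added example (not the article's code). SQLite in memory stands in for
// MySQL so the script runs offline; the table and rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)");
$pdo->exec("INSERT INTO articles (title) VALUES
            ('100% PHP'), ('my_sql notes'), ('O''Reilly review')");

// Counterpart of verify_id(): accept only a positive integer, then bind it.
function find_by_id(PDO $pdo, $id) {
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject the request instead of calling exit()
    }
    $stmt = $pdo->prepare('SELECT title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $title = $stmt->fetchColumn();
    return $title === false ? null : $title;
}

// Counterpart of str_check(): quotes are handled by binding, so only the
// LIKE wildcards % and _ (plus the escape character itself) need escaping.
function search_title(PDO $pdo, $term) {
    // '!' is replaced first so the escapes added for % and _ are not doubled.
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
    $stmt = $pdo->prepare("SELECT title FROM articles WHERE title LIKE :pat ESCAPE '!'");
    $stmt->execute([':pat' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a valid id, a tampered id, wildcard characters,
// a legitimate value containing a quote, and a quote-based tampering attempt.
var_dump(find_by_id($pdo, '2'));
var_dump(find_by_id($pdo, '2 OR 1=1'));
print_r(search_title($pdo, '%'));
print_r(search_title($pdo, '_'));
print_r(search_title($pdo, "O'Reilly"));
print_r(search_title($pdo, "' OR '1'='1"));
```

Unlike the keyword blacklist in inject_check, this leaves legitimate text such as "O'Reilly" or a title containing the word "update" searchable, because the value is never parsed as SQL.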
I hope this article is helpful to you in PHP programming.