A simple implementation of an SQL anti-injection method in PHP

Source: Internet
Author: User
This article describes a simple implementation of an SQL anti-injection method in PHP, shared here for reference:

There is not much filtering here; it is aimed mainly at the PHP and MySQL combination.

For general anti-injection, using PHP's addslashes function is enough.

Here's a copy of the code:

PHP Code:

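$_POST = sql_injection($_POST);
$_GET = sql_injection($_GET);

// Apply addslashes() to a string, or to every element of an array.
function sql_injection($content)
{
    // get_magic_quotes_gpc() was removed in PHP 8.0, so test for it first.
    if (!(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())) {
        if (is_array($content)) {
            foreach ($content as $key => $value) {
                $content[$key] = sql_injection($value); // recurse so nested arrays are handled
            }
        } else {
            $content = addslashes($content); // keep the escaped value
        }
    }
    return $content;
}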

When building a system, you can use the following code, which is also copied.

PHP Code:

// Returns a truthy value when the input contains a blacklisted keyword or character.
// eregi() was removed in PHP 7.0; preg_match() with the /i flag is the equivalent.
function inject_check($sql_str)
{
    return preg_match('/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i', $sql_str); // filter
}

function verify_id($id = null)
{
    if (!$id) {
        exit('No parameter submitted!'); // empty check
    } elseif (inject_check($id)) {
        exit('The argument submitted is illegal!'); // injection check
    } elseif (!is_numeric($id)) {
        exit('The argument submitted is illegal!'); // numeric check
    }
    $id = intval($id); // convert to integer
    return $id;
}

function str_check($str)
{
    // Check whether magic_quotes_gpc is on (the function was removed in PHP 8.0).
    if (!(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())) {
        $str = addslashes($str); // filter
    }
    $str = str_replace("_", "\_", $str); // escape '_'
    $str = str_replace("%", "\%", $str); // escape '%'
    return $str;
}

function post_check($post)
{
    // Check whether magic_quotes_gpc is on; if it is not, filter the submitted data.
    if (!(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())) {
        $post = addslashes($post);
    }
    $post = str_replace("_", "\_", $post); // escape '_'
    $post = str_replace("%", "\%", $post); // escape '%'
    $post = htmlspecialchars($post); // convert HTML tags first, so the <br /> added next is kept
    $post = nl2br($post); // convert newlines
    return $post;
}
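An added example, not code from the original article: the verify_id and str_check checks above redone with PDO prepared statements, so the value travels separately from the SQL text and does not depend on addslashes, whose escaping is not aware of the connection character set. It assumes the pdo_sqlite extension and a constructed in-memory table; demo_db, find_by_id and search_titles are hypothetical names.

```php
<?php
// Added example (not from the original article): bound parameters in place of
// addslashes()/keyword filtering. Assumes pdo_sqlite; table and rows are constructed.

function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
    $ins = $pdo->prepare('INSERT INTO articles (id, title) VALUES (?, ?)');
    foreach ([[1, "O'Reilly select guide"], [2, '100% pure'], [3, '100 percent']] as $row) {
        $ins->execute($row);
    }
    return $pdo;
}

// Counterpart of verify_id(): accept only a positive integer, then bind it.
function find_by_id(PDO $pdo, $id): ?array
{
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // rejected before any query is built
    }
    $stmt = $pdo->prepare('SELECT id, title FROM articles WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Counterpart of str_check(): only the LIKE wildcards need escaping, because
// quotes in a bound value never reach the SQL parser as syntax.
function search_titles(PDO $pdo, string $term): array
{
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
    $stmt = $pdo->prepare("SELECT title FROM articles WHERE title LIKE ? ESCAPE '!'");
    $stmt->execute(['%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = demo_db();
var_dump(find_by_id($pdo, '1'));                  // well-formed id
var_dump(find_by_id($pdo, '1 OR 1=1'));           // not an integer
var_dump(search_titles($pdo, "O'Reilly select")); // quote and keyword inside the value
var_dump(search_titles($pdo, '100%'));            // literal percent sign in the search term
```

The explicit ESCAPE '!' clause is used because the backslash that str_check relies on is MySQL's default LIKE escape character and is not the default in every database.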


I hope this article is helpful to you in PHP programming.
