SQL injection prevention code, example one
/**
* Anti-SQL injection
* @author: zhuyubing@gmail.com
* */
/**
* Reject SQL Inject
*/
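if (!function_exists('quote')) {
    /**
     * Wrap a value in single quotes for embedding in a SQL string literal.
     *
     * The listing as published replaced only the single quote. A backslash
     * directly before a quote, or at the end of the value, was left alone and
     * could still end the literal early. addslashes() escapes the backslash,
     * both quote characters and NUL in one pass.
     *
     * This remains byte-wise escaping done without a database connection, so
     * it cannot take the connection character set or the server's SQL mode
     * into account. Prefer bound parameters (PDO or mysqli prepared
     * statements) and keep this helper for legacy call sites only.
     *
     * @param mixed $var Value to quote; it is cast to string first.
     * @return string The escaped value surrounded by single quotes.
     */
    function quote($var)
    {
        $var = (string) $var;

        if ($var !== '') {
            // get_magic_quotes_gpc() was removed in PHP 8.0; consult it only where it still exists.
            $magicQuotesOn = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
            if ($magicQuotesOn) {
                // Undo the runtime's automatic slashes so the value is not escaped twice.
                $var = stripslashes($var);
            }
            $var = addslashes($var);
        }

        return "'" . $var . "'";
    }
}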
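if (!function_exists('Hash_num')) {
    /**
     * Compute a multiply-by-33 rolling hash (seed 5381) over the bytes of a string.
     *
     * The published listing declared the parameter as $input but looped over a
     * different, undefined variable, so every call returned the seed. It also
     * used the curly-brace string offset syntax, which PHP 8 no longer accepts.
     *
     * This is a bucketing hash, not a cryptographic one: it must not be used
     * as a token, signature or integrity check.
     *
     * @param mixed $input Value to hash; it is cast to string and read byte by byte.
     * @return int|float The hash value. Very long inputs can push the sum past the
     *                   integer range, after which the result is no longer an exact int.
     */
    function Hash_num($input)
    {
        $input = (string) $input;
        $length = strlen($input);
        $hash = 5381;

        for ($i = 0; $i < $length; $i++) {
            $c = ord($input[$i]);
            // ($hash << 5) + $hash is $hash * 33
            $hash = (($hash << 5) + $hash) + $c;
        }

        return $hash;
    }
}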
/**************** End *************************/
?>
/**
* Anti-SQL test code
CREATE TABLE IF NOT EXISTS `TB` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`Age` tinyint(3) unsigned NOT NULL,
`Name` char([length lost in page extraction]) NOT NULL,
`Note` text NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
**/
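// Demo script: builds one INSERT statement from request input and prints it.
// common.php is expected to provide quote() and Hash_num().
include_once 'common.php';
var_dump(Hash_num('dddd'));

if (empty($_GET)) {
    // Fallback input for a run without a query string. The sample values in the
    // published listing were damaged in extraction; these are constructed
    // stand-ins that mix quotes, backslashes, a newline and '#'.
    $_GET = [
        'age'  => '21',
        'name' => 'a\'b\\\'c\';',
        'note' => "\"a'b\\'\nc#",
    ];
}

// Numeric column: the integer cast discards anything that is not a number.
$age = (int) ($_GET['age'] ?? 0);
// String columns: escaped and wrapped in quotes by quote().
$name = quote($_GET['name'] ?? '');
$note = quote($_GET['note'] ?? '');

// NOTE(review): the statement is assembled by string interpolation, so its
// safety rests entirely on the cast and on quote(). With a live connection,
// a prepared statement with three bound parameters replaces all of this.
$sql = "INSERT INTO `TB` (`age`, `name`, `note`) VALUES
($age, $name, $note)";
var_dump($sql);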
?>
PHP SQL injection prevention function, example two:
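// Daddslashes() reads this flag through $GLOBALS to decide whether to escape.
// get_magic_quotes_gpc() was removed in PHP 8.0, so it is called only where it still exists.
$magic_quotes_gpc = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

// NOTE(review): importing request data as variables re-creates register_globals.
// With extract()'s default overwrite mode a request parameter could replace any
// variable already set here, including $magic_quotes_gpc, and so switch off the
// escaping applied to the sources imported after it. EXTR_SKIP never replaces an
// existing variable. The sources are imported GET, POST, COOKIE so that GET still
// takes precedence over POST and POST over COOKIE, as in the original overwrite order.
// Reading the superglobals explicitly where values are needed is the safer design.
extract(Daddslashes($_GET), EXTR_SKIP);
extract(Daddslashes($_POST), EXTR_SKIP);
extract(Daddslashes($_COOKIE), EXTR_SKIP);

if (!$magic_quotes_gpc) {
    // Upload metadata is escaped only when the runtime has not already added slashes.
    $_FILES = Daddslashes($_FILES);
}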
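/**
 * Apply addslashes() to a value, or recursively to every value of an array.
 *
 * Escaping is skipped when the global $magic_quotes_gpc flag is set, unless
 * $force is truthy. Array keys are left as they are; only values are escaped.
 *
 * NOTE(review): addslashes() is not aware of the database connection or its
 * character set, and escaping every request value up front also alters data
 * that is later used outside SQL (HTML output, file names, comparisons).
 * Prefer bound parameters at the query and leave request data unmodified.
 *
 * @param mixed    $string Scalar or (nested) array to escape.
 * @param int|bool $force  Escape even when the magic-quotes flag is set.
 * @return mixed The escaped string, or the array with all of its values escaped.
 */
function Daddslashes($string, $force = 0)
{
    // empty() avoids an undefined-index warning when the flag was never initialised.
    $magicQuotesOn = !empty($GLOBALS['magic_quotes_gpc']);
    if ($magicQuotesOn && !$force) {
        return $string;
    }

    if (is_array($string)) {
        foreach ($string as $key => $val) {
            $string[$key] = Daddslashes($val, $force);
        }
        return $string;
    }

    return addslashes((string) $string);
}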
?>
PHP SQL injection prevention code, example three:
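/**
 * Reject input that contains SQL keywords or comment/path fragments.
 *
 * On a match the function prints a message and terminates the script;
 * otherwise it returns the input unchanged.
 *
 * The published listing used eregi(), which was removed in PHP 7, and its
 * pattern was damaged in extraction. The pattern below is a reconstruction
 * of the same alternatives as a case-insensitive PCRE — TODO confirm against
 * the original source.
 *
 * NOTE(review): a keyword deny-list is not an injection defence on its own.
 * It rejects ordinary text (any "*", any apostrophe, words containing "into")
 * and cannot enumerate every dangerous input. Use it, if at all, as an extra
 * layer in front of bound parameters.
 *
 * @param string $sql_str Input value to screen.
 * @return string The unchanged input when no pattern matches.
 */
function Inject_check($sql_str)
{
    $denyPattern = '/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i';

    if (preg_match($denyPattern, (string) $sql_str) === 1) {
        echo "Input illegal injection content! ";
        exit();
    }

    return $sql_str;
}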
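/**
 * Redirect away unless the Referer header names the same host as the request.
 *
 * The host part of the Referer (scheme and port removed) is compared with the
 * Host header (port removed). On a mismatch, including a missing Referer while
 * Host is present, a Location header is sent and the script terminates.
 *
 * The two patterns are reconstructed from a listing that was damaged in
 * extraction — TODO confirm against the original source.
 *
 * NOTE(review): both headers are supplied by the client, so this check only
 * filters casual cross-site requests. It is not authentication and does not
 * replace a per-session CSRF token on state-changing requests.
 *
 * @return void
 */
function Checkurl()
{
    // Missing headers are treated as empty strings instead of raising undefined-index warnings.
    $referer = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
    $host = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';

    $refererHost = preg_replace('/https?:\/\/([^:\/]+).*/i', '\\1', $referer);
    $requestHost = preg_replace('/([^:]+).*/', '\\1', $host);

    if ($refererHost !== $requestHost) {
        header("Location:http://s.jb51.net");
        exit();
    }
}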
Usage example:
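Checkurl();
// Only a plain string is screened; a missing or array-valued "url" parameter is treated as empty.
$str = isset($_GET['url']) && is_string($_GET['url']) ? $_GET['url'] : '';
// The published listing passed an undefined variable here instead of the value just read.
// Run the check as soon as the parameter is obtained.
$str = Inject_check($str);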