PHP example: filtering paging parameters to prevent SQL injection (SQL paging)
This article describes, with an example, how PHP code can filter paging parameters to prevent SQL injection. It is shared for everyone's reference. The specific analysis is as follows:
In web security, never trust any input that arrives over the network: every input parameter must be filtered before use. With that in mind, look at the following example:
The code is as follows:

    $this->load->library('pagination');
    $config['base_url'] = site_url() . '/guest/show';
    $config['total_rows'] = $c;
    $config['per_page'] = $pernum = 15;
    $config['uri_segment'] = 3;
    $config['use_page_numbers'] = TRUE;
    $config['first_link'] = 'first page';
    $config['last_link'] = 'last page';
    $config['num_links'] = 5;
    $this->pagination->initialize($config);
    if (!$this->uri->segment(3)) {
        $currentnum = 0;
    } else {
        // only a numeric segment is accepted; anything else falls back to offset 0
        $currentnum = is_numeric($this->uri->segment(3)) ? (intval($this->uri->segment(3)) - 1) * $pernum : 0;
    }
    $current_page = is_numeric($this->uri->segment(3)) ? intval($this->uri->segment(3)) : 1;
    if ($current_page) {
        $data['title'] = 'Page ' . $current_page . ' - Guestbook - anti-SQL injection test';
    } else {
        $data['title'] = 'Guestbook - anti-SQL injection test';
    }
    $data['liuyan'] = $this->ly->getly($pernum, $currentnum);
The key lines are these two:

    $current_page = is_numeric($this->uri->segment(3)) ? intval($this->uri->segment(3)) : 1;
    $currentnum = is_numeric($this->uri->segment(3)) ? (intval($this->uri->segment(3)) - 1) * $pernum : 0;

These two statements check that the parameter is a number and convert it with intval(), so that illegal characters from the URI never reach the query.
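As an added example (not code from the original article), here is a stricter form of the same check that also goes a step beyond the article by binding the validated page size and offset as integers in a PDO prepared statement; the PDO handle, the table columns and the sample inputs are assumptions.

```php
<?php
// Added example, not code from the original article: strict paging validation
// plus integer binding in a prepared statement. $pernum and the "liuyan" table
// follow the article; the PDO handle and column names are assumptions.

// Return a page number >= 1, or null when $segment is not a plain positive
// integer. FILTER_VALIDATE_INT rejects "1e3" and "1.5", which is_numeric()
// accepts, and the min_range option rejects 0 and negatives, which would
// otherwise produce a negative LIMIT offset and a SQL error.
function page_from_segment($segment)
{
    $opts = ['options' => ['min_range' => 1]];
    $page = filter_var($segment, FILTER_VALIDATE_INT, $opts);
    return $page === false ? null : $page;
}

// Offset for the LIMIT clause; page 1 starts at row 0.
function page_offset($page, $pernum)
{
    return ($page - 1) * $pernum;
}

// Fetch one page of rows. Both values are already integers, but binding them
// with PDO::PARAM_INT keeps user-derived data out of the SQL text entirely.
function get_liuyan(PDO $db, $pernum, $offset)
{
    $sql = 'SELECT id, content, posted_at FROM liuyan '
         . 'ORDER BY id DESC LIMIT :offset, :pernum';
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
    $stmt->bindValue(':pernum', $pernum, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample values for URI segment 3, including malformed ones.
$pernum = 15;
foreach (['2', '0', '-1', '1e3', '1.5', "3' OR '1'='1", ''] as $raw) {
    $page = page_from_segment($raw);
    if ($page === null) {
        $page = 1; // invalid input falls back to the first page
    }
    printf("%-18s -> page %d, offset %d\n",
        var_export($raw, true), $page, page_offset($page, $pernum));
}
// With a live connection: $rows = get_liuyan($db, $pernum, page_offset($page, $pernum));
```

Only '2' survives validation in the sample loop; every other value is rejected and the request falls back to page 1 rather than producing a negative offset or an error.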
I hope this article is helpful to everyone's PHP programming.
PHP SQL injection filter (novice)
I wrote this anti-SQL injection code in a PHP4 environment; in actual use it is also compatible with PHP5. Feel free to use and modify it.
The code is as follows:

    /*
     * Sqlin anti-injection class
     */
    class Sqlin
    {
        // dowith_sql($value): strip a blacklist of SQL keywords and characters from one value.
        // str_replace() is case-sensitive, so only the exact lowercase forms listed here are removed.
        function dowith_sql($str)
        {
            $str = str_replace("and", "", $str);
            $str = str_replace("execute", "", $str);
            $str = str_replace("update", "", $str);
            $str = str_replace("count", "", $str);
            $str = str_replace("chr", "", $str);
            $str = str_replace("mid", "", $str);
            $str = str_replace("master", "", $str);
            $str = str_replace("truncate", "", $str);
            $str = str_replace("char", "", $str);
            $str = str_replace("declare", "", $str);
            $str = str_replace("select", "", $str);
            $str = str_replace("create", "", $str);
            $str = str_replace("delete", "", $str);
            $str = str_replace("insert", "", $str);
            // the next three lines were garbled in the source; they remove single quotes, double quotes and spaces
            $str = str_replace("'", "", $str);
            $str = str_replace("\"", "", $str);
            $str = str_replace(" ", "", $str);
            $str = str_replace("or", "", $str);
            $str = str_replace("=", "", $str);
            $str = str_replace("%20", "", $str);
            // echo $str;  // debug output in the original, disabled so the filter returns silently
            return $str;
        }

        // Sqlin(): PHP4-style constructor (same name as the class) that filters every $_GET value.
        // PHP 8 no longer treats a method named after its class as a constructor.
        function Sqlin()
        {
            foreach ($_GET as $key => $value) {
                // evident continuation; the source listing is cut off at this point
                $_GET[$key] = $this->dowith_sql($value);
            }
        }
    }
PHP anti-SQL injection problem
Basically I use htmlspecialchars() and mysql_escape_string(), these two functions, to process the parameters I receive:
Source: http://www.bkjia.com/PHPjc/904932.html