This article provides PHP anti-SQL-injection code: a double filter function for illegal characters that can be used to prevent SQL injection based on user-defined rules. First, it filters some SQL commands; the next step is to filter the POST and GET data once. It is best to verify it before use.
The PHP anti-injection code is as follows:

<?php
// Illegal strings to filter ("selert" in the original list corrected to "select")
$arrfiltrate = array("update", "delete", "select", "drop", "exec", "cast", "'", "union");

// The URL to be redirected to after an error occurs. If left blank, the previous page is used by default
$strgourl = "";

// Whether a value in the array exists in the string
function funstringexist($strfiltrate, $arrfiltrate)
{
    foreach ($arrfiltrate as $key => $value) {
        // stripos() replaces eregi(), which was removed in PHP 7
        if (stripos($strfiltrate, $value) !== false) {
            return true;
        }
    }
    return false;
}

// Merge $_POST and $_GET (the old $HTTP_POST_VARS / $HTTP_GET_VARS no longer exist).
// Every value is collected, including nested ones, because array_merge() overwrites duplicate keys.
$arrpostandget = array();
$sources = array($_POST, $_GET);
array_walk_recursive($sources, function ($value) use (&$arrpostandget) {
    $arrpostandget[] = (string) $value;
});

// Start verification
foreach ($arrpostandget as $key => $value) {
    if (funstringexist($value, $arrfiltrate)) {
        echo "<script>alert('illegal characters detected by the system!');";
        if (empty($strgourl)) {
            echo "history.back();";
        } else {
            echo "window.location.href=" . json_encode($strgourl) . ";";
        }
        echo "</script>";
        exit();
    }
}
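An added example, not part of the original article: it runs the article's word list against constructed inputs and, next to it, sends the same values through a PDO prepared statement. The `users` table, the function names `is_blocked` and `find_user`, and the in-memory SQLite database are assumptions made for the illustration.

```php
<?php
// Added example (not the article's code). Assumes the pdo_sqlite extension;
// the table, column names and sample inputs are constructed for illustration.
declare(strict_types=1);

// Same word list as the article's filter, reduced to the matching step.
const BLOCKED = ["update", "delete", "select", "drop", "exec", "cast", "'", "union"];

function is_blocked(string $input): bool
{
    foreach (BLOCKED as $token) {
        if (stripos($input, $token) !== false) {
            return true;
        }
    }
    return false;
}

function find_user(PDO $db, string $name): array
{
    // The value is sent separately from the SQL text, so quotes and
    // keywords inside $name are compared as data, never parsed as SQL.
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO users (name) VALUES (:name)');
foreach (["Alice", "O'Brien", "Castillo"] as $name) {
    $insert->execute([':name' => $name]);
}

// Constructed inputs: one name the word list accepts, two ordinary names it
// rejects, and one string containing a quote.
$samples = ["Alice", "O'Brien", "Castillo", "x' OR name = 'Alice"];
foreach ($samples as $input) {
    printf(
        "%-22s filter=%-8s rows=%d\n",
        $input,
        is_blocked($input) ? 'rejected' : 'accepted',
        count(find_user($db, $input))
    );
}
```

The word list rejects the ordinary surnames `O'Brien` (it contains a quote) and `Castillo` (it contains "cast"), while the bound query looks both up without error and treats the last sample as a plain name that matches no row.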