Php prevents injection. Several methods to prevent injection in the php Tutorial are actually we need to filter some of our common keywords and conformances, such as select, insert, update, delete, and *. for example: several methods to prevent injection in the php Tutorial
In fact, it turns out that we need to filter out some common keywords and conformances such:
Select, insert, update, delete, and, *, etc.
Example:
Function inject_check ($ SQL _str ){
Return eregi ('select | insert | update | delete | '|/* |.../|./| union | into | load_file
| Outfile ', $ SQL _str); // filter
}
Or filter Special characters between system functions.
Addslashes (content to be filtered)
2. php security settings in other places
1. set register_globals = off to disabled.
2. do not omit small quotation marks or single quotation marks when writing SQL statements.
Select * from table where id = 2 (not standard)
Select * from · table · where · id · = '2' (standard)
3. use accepted parameters such as $ _ post $ _ get $ _ session correctly and filter them.
4. Improve the naming skills of database tutorials. you can name important fields according to program characteristics.
5. encapsulate common methods to avoid direct exposure of SQL statements
There are several ways to prevent injection by using the distinct statement. In fact, we need to filter some common keywords and conformances such as select, insert, update, delete, and *. for example :...