PHP tutorial: several ways to prevent injection
In practice, we need to filter some common keywords and symbols, such as:
select, insert, update, delete, and, *, and so on.
Example:
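function inject_check($sql_str) {
    // eregi() was removed in PHP 7; preg_match() with the /i flag is the equivalent.
    // Returns 1 if the string contains a filtered keyword or symbol, 0 otherwise.
    return preg_match('/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i', $sql_str); // filter
}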
Or filter special characters with a built-in function:
addslashes(content that needs to be filtered)
Second, other PHP security settings
1. Set register_globals = Off
2. Try not to omit backticks and single quotes when writing SQL statements
SELECT * FROM table where id=2 (non-standard)
SELECT * FROM Table WHERE id = '2' (standard)
3. Use $_POST, $_GET, $_SESSION and other input parameters correctly, and filter them
4. Improve database naming practices; some important fields can be named according to the program's characteristics
5. Encapsulate commonly used methods to avoid exposing SQL statements directly
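
The script below is an added example, not part of the original tutorial: it applies points 3 and 5 by validating the request parameter and keeping every SQL statement inside functions that use PDO prepared statements. The table, column and function names are hypothetical, and it assumes the pdo_sqlite extension is enabled so it can run against an in-memory database.

```php
<?php
// Added example: table, column and function names are hypothetical.
// Assumes the pdo_sqlite extension so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT)');

// Point 3: validate a request parameter before use.
// Returns the integer id, or null if the value is not a positive integer.
function read_id($raw) {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Point 5: the SQL text lives only inside these functions. Values are bound
// as parameters, so they are always treated as data, never as SQL syntax.
function add_article(PDO $db, $title) {
    $stmt = $db->prepare('INSERT INTO article (title) VALUES (:title)');
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

function find_article(PDO $db, $id) {
    $stmt = $db->prepare('SELECT id, title FROM article WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data: a legitimate title that an inject_check()-style
// keyword filter would reject (it contains "update", "into" and a single quote).
$newId = add_article($db, "O'Brien's update: moving into production");

// Constructed inputs standing in for $_GET['id'].
foreach ([(string) $newId, '2 OR 1=1', 'abc', '999'] as $raw) {
    $id = read_id($raw);
    if ($id === null) {
        echo "rejected: {$raw}\n";
        continue;
    }
    $row = find_article($db, $id);
    echo $row === null ? "no article with id {$id}\n" : "found: {$row['title']}\n";
}
```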