Simple and practical example of PHP anti-injection class

Source: Internet
Author: User
Tags php programming

This article mainly introduces the simple and practical example of PHP anti-injection class, taking two simple anti-injection class as an example to introduce the principle and technique of PHP anti-injection, it is very practical value for the website security construction, the need of friends can refer to

This paper describes the simple and practical PHP anti-injection class. Share to everyone for your reference. Specific as follows:

PHP anti-injection note to filter the information is basically get,post, and then for SQL is our common query, insert and so on SQL command, I give you two simple examples, I hope these examples can give your site security.

The PHP anti-injection class code is as follows:

Copy CodeThe code is as follows: <?php
/**
* Parameter Processing class
* @author Jasonwei
*/
Class Params
{
Public $get = Array ();

Public $post = Array ();

function __construct ()
{
if (!emptyempty ($_get)) {
foreach ($_get as $key = = $val) {
if (Is_numeric ($val)) {
$this->get[$key] = $this->getint ($val);
} else {
$this->get[$key] = $this->getstr ($val);
}
}
}
if (!emptyempty ($_post)) {
foreach ($_post as $key = = $val) {
if (Is_numeric ($val)) {
$this->post[$key] = $this->getint ($val);
} else {
$this->post[$key] = $this->getstr ($val);
}
}
}
}

Public Function getInt ($number)
{
Return Intval ($number);
}

Public Function Getstr ($string)
{
if (!GET_MAGIC_QUOTES_GPC ()) {
$string = Addslashes ($string);
}
return $string;
}

Public Function Checkinject ($string)
{
Return eregi (' select|insert|update|delete|/*|*|. /|. /|union|into|load_file|outfile ', $string);
}

Public Function Verifyid ($id = null)
{
if (! $id | | $this->checkinject ($id) | |!is_numeric ($id)) {
$id = false;
} else {
$id = Intval ($id);
}
return $id;
}
}
?>
Example two, the code is as follows:
Copy CodeThe code is as follows: <?php
/*************************
Description
Determine if the passed variable contains illegal characters

such as $_post, $_get
Function:
Anti-injection
*************************/
Illegal characters to filter on
$ArrFiltrate =array ("'", "or", "and", "union", "where");
The URL to jump after the error, without filling the default previous page
$STRGOURL = "";
Whether the values in the array exist
function Funstringexist ($StrFiltrate, $ArrFiltrate) {
foreach ($ArrFiltrate as $key = = $value) {
if (eregi ($value, $StrFiltrate)) {
return true;
}
}
return false;
}
Merging $_post and $_get
if (function_exists (Array_merge)) {
$ArrPostAndGet =array_merge ($HTTP _post_vars, $HTTP _get_vars);
}else{
foreach ($HTTP _post_vars as $key = + $value) {
$ArrPostAndGet []= $value;
}
foreach ($HTTP _get_vars as $key = + $value) {
$ArrPostAndGet []= $value;
}
}
Validation begins
foreach ($ArrPostAndGet as $key = = $value) {
if (Funstringexist ($value, $ArrFiltrate)) {
echo "<script language= ' JavaScript ' >alert (' message must not contain {', or,and,union} and other illegal characters please replace them with {', or,and,union} '); </ Script> ";
if (Emptyempty ($STRGOURL)) {
echo "<scriptlanguage= ' JavaScript ' >history.go ( -1);</script>";
}else{
echo "<scriptlanguage= ' JavaScript ' >window.location= '". $StrGoUrl. "'; </script> ";
}
Exit
}
}
/*************** End prevents PHP injection *****************/
?>

I hope this article is helpful to everyone's PHP programming.

Simple and practical example of PHP anti-injection class

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.