Simple and practical PHP anti-injection instance

Source: Internet
Author: User
This article mainly introduces simple and practical PHP anti-injection instances, and introduces the principles and skills of PHP anti-injection based on two simple anti-injection classes, it is very practical for website security Construction. if you need it, you can refer to the example in this article to describe a simple and practical PHP anti-injection class. Share it with you for your reference. The details are as follows:

PHP anti-injection should be noted that the information to be filtered is basically get and post, and then SQL is our common query and insert SQL commands. below I will give you two simple examples, we hope these examples can bring security to your website.

The PHP anti-injection code is as follows:

The code is as follows:

<? Php
/**
* Parameter processing class
* @ Author JasonWei
*/
Class Params
{
Public $ get = array ();

Public $ post = array ();

Function _ construct ()
{
If (! Emptyempty ($ _ GET )){
Foreach ($ _ GET as $ key => $ val ){
If (is_numeric ($ val )){
$ This-> get [$ key] = $ this-> getInt ($ val );
} Else {
$ This-> get [$ key] = $ this-> getStr ($ val );
}
}
}
If (! Emptyempty ($ _ POST )){
Foreach ($ _ POST as $ key => $ val ){
If (is_numeric ($ val )){
$ This-> post [$ key] = $ this-> getInt ($ val );
} Else {
$ This-> post [$ key] = $ this-> getStr ($ val );
}
}
}
}

Public function getInt ($ number)
{
Return intval ($ number );
}

Public function getStr ($ string)
{
If (! Get_magic_quotes_gpc ()){
$ String = addslashes ($ string );
}
Return $ string;
}

Public function checkInject ($ string)
{
Return eregi ('select | insert | update | delete |/* | ../|./| union | into | load_file | outfile', $ string );
}

Public function verifyId ($ id = null)
{
If (! $ Id | $ this-> checkInject ($ id) |! Is_numeric ($ id )){
$ Id = false;
} Else {
$ Id = intval ($ id );
}
Return $ id;
}
}
?>


Example 2: The code is as follows:

The code is as follows:

<? Php
/*************************
Note:
Determines whether the passed variable contains invalid characters.

Such as $ _ POST and $ _ GET
Function:
Anti-injection
*************************/
// Invalid characters to be filtered
$ ArrFiltrate = array ("'", "or", "and", "union", "where ");
// The url to be redirected after an error occurs. If this parameter is left blank, the previous page is displayed by default.
$ StrGoUrl = "";
// Whether the value in the array exists
Function FunStringExist ($ StrFiltrate, $ ArrFiltrate ){
Foreach ($ ArrFiltrate as $ key => $ value ){
If (eregi ($ value, $ StrFiltrate )){
Return true;
}
}
Return false;
}
// Merge $ _ POST and $ _ GET
If (function_exists (array_merge )){
$ ArrPostAndGet = array_merge ($ HTTP_POST_VARS, $ HTTP_GET_VARS );
} Else {
Foreach ($ HTTP_POST_VARS as $ key => $ value ){
$ ArrPostAndGet [] = $ value;
}
Foreach ($ HTTP_GET_VARS as $ key => $ value ){
$ ArrPostAndGet [] = $ value;
}
}
// Verification starts
Foreach ($ ArrPostAndGet as $ key => $ value ){
If (FunStringExist ($ value, $ ArrFiltrate )){
Echo"

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.