This article presents simple and practical PHP anti-injection examples. Using two small anti-injection classes, it explains the principles and techniques of anti-injection in PHP, which is useful for website security work. If you need it, refer to the examples in this article; they describe a simple and practical PHP anti-injection class. The details are as follows:
Note that the data PHP anti-injection has to filter is essentially the GET and POST input, and the SQL in question is our common SELECT and INSERT commands. Below I give two simple examples; we hope they can bring some security to your website.
The PHP anti-injection code is as follows:
<?php
/**
 * Parameter processing class
 * @author JasonWei
 */
class Params
{
    public $get  = array();
    public $post = array();

    function __construct()
    {
        if (!empty($_GET)) {
            foreach ($_GET as $key => $val) {
                if (is_numeric($val)) {
                    $this->get[$key] = $this->getInt($val);
                } else {
                    $this->get[$key] = $this->getStr($val);
                }
            }
        }
        if (!empty($_POST)) {
            foreach ($_POST as $key => $val) {
                if (is_numeric($val)) {
                    $this->post[$key] = $this->getInt($val);
                } else {
                    $this->post[$key] = $this->getStr($val);
                }
            }
        }
    }

    // Numeric parameters are cast to an integer, which discards anything that is not a number.
    public function getInt($number)
    {
        return intval($number);
    }

    // String parameters are escaped with addslashes() unless magic quotes already did so.
    // get_magic_quotes_gpc() was removed in PHP 8, so it is only called where it still exists.
    public function getStr($string)
    {
        if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
            $string = addslashes($string);
        }
        return $string;
    }

    // Case-insensitive blacklist of SQL keywords, comment and path fragments.
    // The original used eregi(), removed in PHP 7; preg_match() with /i is the equivalent.
    // "/*", "../" and "./" are escaped so they match literally: unescaped, "/*" in the
    // original pattern meant "zero or more slashes" and matched every string.
    public function checkInject($string)
    {
        return preg_match('#select|insert|update|delete|/\*|\.\./|\./|union|into|load_file|outfile#i', $string);
    }

    // An id is accepted only if it is non-empty, passes the blacklist and is numeric.
    public function verifyId($id = null)
    {
        if (!$id || $this->checkInject($id) || !is_numeric($id)) {
            $id = false;
        } else {
            $id = intval($id);
        }
        return $id;
    }
}
?>
Example 2: The code is as follows:
<?php
/*************************
Description:
  Checks whether the passed variables ($_POST and $_GET) contain forbidden strings.
Function:
  Anti-injection
*************************/
// Forbidden strings to filter. Matching is by substring, so "or" also matches
// ordinary words such as "form" or "word" (false positives are part of this approach).
$ArrFiltrate = array("'", "or", "and", "union", "where");
// URL to redirect to after an error. Left empty, the previous page is shown by default.
$StrGoUrl = "";

// Does any value of the array occur in the string?
// The original used eregi(), removed in PHP 7; for these literal values stripos()
// gives the same case-insensitive substring test.
function FunStringExist($StrFiltrate, $ArrFiltrate)
{
    foreach ($ArrFiltrate as $key => $value) {
        if (stripos($StrFiltrate, $value) !== false) {
            return true;
        }
    }
    return false;
}

// Merge $_POST and $_GET (the original used $HTTP_POST_VARS / $HTTP_GET_VARS, removed in PHP 5.4)
$ArrPostAndGet = array();
if (function_exists('array_merge')) {
    $ArrPostAndGet = array_merge($_POST, $_GET);
} else {
    foreach ($_POST as $key => $value) {
        $ArrPostAndGet[] = $value;
    }
    foreach ($_GET as $key => $value) {
        $ArrPostAndGet[] = $value;
    }
}

// Verification starts
foreach ($ArrPostAndGet as $key => $value) {
    if (FunStringExist($value, $ArrFiltrate)) {
        // The page is cut off at this point; the original error output is not
        // recoverable, so a placeholder message stands in for it.
        echo "[placeholder: original error message truncated on the page]";
    }
}
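As an added example that is not code from the article, the following contrasts the escape-and-interpolate style of the two classes above with PDO prepared statements, where the query text never changes with the input. It assumes the pdo_sqlite extension and constructs its own table, rows and inputs so it runs offline.

```php
<?php
// Added example, not code from the original article: the article's escape-and-interpolate
// style beside a parameterised query. Runs offline on an in-memory SQLite database through
// PDO; the table, rows and inputs are constructed here.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('o''neil'), ('gregory')");
// Article style: addslashes() then string interpolation. The escaping is MySQL-specific
// and the query text still changes with the input.
function findByNameEscaped(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM users WHERE name = '" . addslashes($name) . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}
// Prepared statement: the SQL text is fixed and the value is bound as data, so no
// character in $name can alter the statement, whatever the database dialect.
function findByNamePrepared(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT id, name FROM users WHERE name = :name");
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
// Numeric id: the article's verifyId idea, with the type enforced at the bind as well.
function findById(PDO $db, $id): ?array
{
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {        // anything that is not a plain integer never reaches SQL
        return null;
    }
    $stmt = $db->prepare("SELECT id, name FROM users WHERE id = :id");
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}
// "gregory" contains "or" and "o'neil" contains a quote: both legitimate, both rejected
// outright by the article's second filter, both handled as plain data here.
foreach (['alice', "o'neil", 'gregory'] as $input) {
    printf("%-8s prepared: %s\n", $input, json_encode(findByNamePrepared($db, $input)));
    try {
        printf("%-8s escaped:  %s\n", $input, json_encode(findByNameEscaped($db, $input)));
    } catch (PDOException $e) {
        // addslashes() yields \' which SQLite does not treat as an escape: a syntax error
        printf("%-8s escaped:  error (%s)\n", $input, $e->getMessage());
    }
}
var_dump(findById($db, '2'));     // the o'neil row
var_dump(findById($db, '2 x'));   // NULL: rejected before any SQL runs
```

The quoted name shows that addslashes() escaping is tied to one database dialect, while the bound parameter works unchanged; the rejected id shows type validation happening before the query rather than by keyword matching.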