Simple PHP anti-injection code

Source: Internet
Author: User
SQL injection, by inserting a SQL command into a Web form to submit or entering a query string for a domain name or page request, eventually achieves a malicious SQL command that deceives the server. Specifically, it is the ability to inject (malicious) SQL commands into the background database engine execution using existing applications, which can be obtained by entering (malicious) SQL statements in a Web form to a database on a Web site that has a security vulnerability, rather than executing the SQL statement as the designer intended. For example, many of the previous film and television sites leaked VIP membership password is mostly through the Web form to submit query characters, such forms are particularly vulnerable to SQL injection attacks. This article mainly two methods of PHP anti-injection method, first please save the following code as safe.php placed in the root directory of the Web site, and then add an include ("/safe.php") in front of each PHP file;

PHP Anti-Injection code method one:

<?php//the illegal character to filter $ArrFiltrate =array ("'", ";", "union"), or the URL to jump after an error, If not, the default previous page $StrGoUrl = ""; Whether there is a value in the Array function funstringexist ($StrFiltrate, $ArrFiltrate) {foreach ($ArrFiltrate as $key = $value) {if (Eregi ($ Value, $StrFiltrate)) {return true;}} return false; }//Merge $_post and $_get if (function_exists (Array_merge)) {$ArrPostAndGet =array_merge ($HTTP _post_vars, $HTTP _get_vars);} else{foreach ($HTTP _post_vars as $key = = $value) {$ArrPostAndGet []= $value;} foreach ($HTTP _get_vars as $key =>$ Value) {$ArrPostAndGet []= $value;}} Validation starts foreach ($ArrPostAndGet as $key + $value) {if (Funstringexist ($value, $ArrFiltrate)) {echo "<script language =\ "javascript\" >alert (\ "illegal character \");</script> "; if (Emptyempty ($STRGOURL)) {echo "<script language=\" javascript\ ">history.go ( -1);</script>";} else{echo "<script language=\" javascript\ ">window.location=\" ". $StrGoUrl." \ ";</script>"; } exit; }}; 

PHP Anti-injection code method two:

/* Filter all GET over variable */foreach ($_get as $get _key=> $get _var) {if (Is_numeric ($get _var)) {$get [Strtolower ($get _key)] = get_ Int ($get _var); } else {$get [Strtolower ($get _key)] = Get_str ($get _var);}} /* Filter all POST-over variables */foreach ($_post as $post _key=> $post _var) {if (Is_numeric ($post _var)) {$post [Strtolower ($post _key )] = Get_int ($post _var); } else {$post [Strtolower ($post _key)] = Get_str ($post _var);}} /* Filter function *//integer filter function get_int ($number) {return intval ($number);}//String filter function Get_str ($string) {if (!get_ MAGIC_QUOTES_GPC ()) {return addslashes ($string);} return $string; }

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.