SQL Universal Anti-Injection System
This article provides anti-SQL-injection code: a PHP function that filters illegal characters in two steps. The list of filtered terms can be user-defined. It first defines the SQL commands to filter, then passes the POST and GET values through the filter once. It is best to verify it.
<?php
// Anti-injection: terms to filter
$arrfiltrate = array("update", "delete", "select", "drop", "exec", "cast", "'", "union");
// URL to jump to after an error; if left empty, the default is the previous page
$strgourl = "";

// Check whether any value in the array occurs in the string (case-insensitive)
function Funstringexist($strfiltrate, $arrfiltrate) {
    foreach ($arrfiltrate as $key => $value) {
        // stripos() replaces eregi(), which was removed in PHP 7
        if (stripos($strfiltrate, $value) !== false) {
            return true;
        }
    }
    return false;
}

// Merge $_POST and $_GET
if (function_exists('array_merge')) {
    // array_values() keeps a POST value from being overwritten by a GET value with the same key
    $arrpostandget = array_merge(array_values($_POST), array_values($_GET));
} else {
    $arrpostandget = array();
    foreach ($_POST as $key => $value) {
        $arrpostandget[] = $value;
    }
    foreach ($_GET as $key => $value) {
        $arrpostandget[] = $value;
    }
}

// Validation begins
foreach ($arrpostandget as $key => $value) {
    if (Funstringexist($value, $arrfiltrate)) {
        // A filtered term was found: emit the error output and stop the script
        echo "";
        if (empty($strgourl)) {
            echo "";
        } else {
            echo "";
        }
        echo "";
        exit();
    }
}
?>
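The filter above is a substring match, so it rejects ordinary input that happens to contain a listed term and passes input that contains none of them; binding values as query parameters avoids both problems. The following is an added example, not part of the original article: it assumes PHP 8 with the pdo_sqlite extension, and the table, the sample inputs and the function names `blacklist_hit` and `find_user` are constructed for illustration.

```php
<?php
// Added example (not from the original article). Assumes PHP 8 with pdo_sqlite.
// The table, rows and sample inputs below are constructed for illustration.
$arrfiltrate = array("update", "delete", "select", "drop", "exec", "cast", "'", "union");

// Same substring test as the article's filter (hypothetical helper name).
function blacklist_hit(string $input, array $terms): bool {
    foreach ($terms as $term) {
        if (stripos($input, $term) !== false) {
            return true;
        }
    }
    return false;
}

// Parameterized lookup: the driver passes $name as data, never as SQL text.
function find_user(PDO $db, string $name): array {
    $stmt = $db->prepare("SELECT id, name FROM users WHERE name = :name");
    $stmt->execute(array(":name" => $name));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO("sqlite::memory:");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$ins = $db->prepare("INSERT INTO users (name) VALUES (?)");
foreach (array("O'Brien", "alice") as $n) {
    $ins->execute(array($n));
}

$samples = array(
    "O'Brien",           // legitimate surname, contains a quote
    "Please update me",  // ordinary sentence, contains "update"
    "1 OR 1=1",          // no listed term, yet unsafe if concatenated into a numeric comparison
    "alice",
);
foreach ($samples as $s) {
    printf("%-18s filter=%-6s rows=%d\n", $s,
        blacklist_hit($s, $arrfiltrate) ? "reject" : "pass",
        count(find_user($db, $s)));
}
```

The filter rejects the first two legitimate values and passes the third, while the bound query returns only exact name matches for every input.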