SQL universal anti-injection system

This article provides anti-SQL-injection code: a PHP double filter function for illegal characters. The filter can be customized according to the user's own settings. First, it filters some SQL commands; second, it filters the POST and GET values once. It is best to verify it yourself.
<?php
// Anti-injection
// Strings to reject (matched case-insensitively anywhere in a value)
$arrfiltrate = array("update", "delete", "select", "drop", "exec", "cast", "'", "union");
// The URL to redirect to after an error occurs. If this parameter is left blank, the previous page is displayed by default.
$strgourl = "";

// Whether any value in the array occurs in the string
function funstringexist($strfiltrate, $arrfiltrate) {
    foreach ($arrfiltrate as $key => $value) {
        // eregi() was removed in PHP 7; stripos() is a case-insensitive substring test
        if (stripos($strfiltrate, $value) !== false) {
            return true;
        }
    }
    return false;
}

// Merge $_POST and $_GET ($HTTP_POST_VARS and $HTTP_GET_VARS were removed in PHP 5.4).
// Values are collected one by one so that a GET value cannot replace a POST value
// with the same key, and values nested in arrays are included.
$arrpostandget = array();
$arrinputs = array($_POST, $_GET);
array_walk_recursive($arrinputs, function ($value) use (&$arrpostandget) {
    $arrpostandget[] = (string) $value;
});

// Verification starts
foreach ($arrpostandget as $key => $value) {
    if (funstringexist($value, $arrfiltrate)) {
        if (empty($strgourl)) {
            // No redirect URL set: go back to the previous page
            echo "<script>alert('The system has detected invalid characters!'); history.back();</script>";
        } else {
            // Redirect URL set: go there after the alert
            echo "<script>alert('The system has detected invalid characters!'); location.href=" . json_encode($strgourl) . ";</script>";
        }
        exit();
    }
}
?>
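
A keyword blacklist like the one above also rejects ordinary text, and it is not the primary defence: a prepared statement keeps the value out of the SQL text altogether. The following is an added example, not part of the original article; the table, column names and sample inputs are constructed, and it assumes the pdo_sqlite extension is enabled.

```php
<?php
// Added example: the blacklist check from this page beside a PDO prepared statement.
// Table name, column names and sample inputs are constructed for illustration.

$arrfiltrate = array("update", "delete", "select", "drop", "exec", "cast", "'", "union");

function funstringexist($strfiltrate, $arrfiltrate) {
    foreach ($arrfiltrate as $value) {
        if (stripos($strfiltrate, $value) !== false) {
            return true;
        }
    }
    return false;
}

// In-memory SQLite database (assumption: pdo_sqlite is available).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed, legitimate form submissions.
$samples = array(
    array('author' => "O'Brien", 'body' => 'Thanks for the article.'),
    array('author' => 'Maria',   'body' => 'Please update my e-mail address.'),
    array('author' => 'Chen',    'body' => 'Great selection of examples.'),
    array('author' => 'Ana',     'body' => 'Nice post.'),
);

// Placeholders are bound as data, so quotes and keywords never become SQL syntax.
$insert = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
$lookup = $pdo->prepare('SELECT body FROM comments WHERE author = :author');

foreach ($samples as $row) {
    // What the blacklist would have done with this submission.
    $blocked = funstringexist($row['author'], $arrfiltrate)
            || funstringexist($row['body'], $arrfiltrate);

    // What the prepared statement does: store the value unchanged and read it back.
    $insert->execute(array(':author' => $row['author'], ':body' => $row['body']));
    $lookup->execute(array(':author' => $row['author']));
    $stored = $lookup->fetchColumn();

    printf("%-8s blacklist: %-9s stored intact by prepared statement: %s\n",
        $row['author'],
        $blocked ? 'rejected' : 'accepted',
        $stored === $row['body'] ? 'yes' : 'no');
}
```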