A more complete PHP anti-SQL-injection code. Many beginners have run into SQL injection at some point, so today we share a more complete SQL anti-injection code; those who need it can use it as a reference.
The code is as follows:
<?php
/*************************
Description:
Determine whether the submitted variables ($_POST, $_GET)
contain illegal characters
Function: anti-injection
*************************/
// Illegal characters to filter on
$ArrFiltrate = array("'", "or", "and", "union", "where");
// URL to jump to after an error; if left empty, defaults to the previous page
$StrGoUrl = "";

// Check whether any value in the array occurs in the string
function FunStringExist($StrFiltrate, $ArrFiltrate) {
    foreach ($ArrFiltrate as $key => $value) {
        // eregi() was removed in PHP 7; stripos() gives the same case-insensitive match
        if (stripos($StrFiltrate, $value) !== false) {
            return true;
        }
    }
    return false;
}

// Merge $_POST and $_GET ($HTTP_POST_VARS / $HTTP_GET_VARS were removed in PHP 5.4)
$ArrPostAndGet = array();
if (function_exists('array_merge')) {
    $ArrPostAndGet = array_merge($_POST, $_GET);
} else {
    foreach ($_POST as $key => $value) {
        $ArrPostAndGet[] = $value;
    }
    foreach ($_GET as $key => $value) {
        $ArrPostAndGet[] = $value;
    }
}

// Validation begins
foreach ($ArrPostAndGet as $key => $value) {
    if (FunStringExist($value, $ArrFiltrate)) {
        echo "";
        if (empty($StrGoUrl)) {
            echo "";
        } else {
            echo "";
        }
        exit;
    }
}
/*************** End of PHP anti-injection *****************/
?>
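The filter above matches its keywords as substrings anywhere in the input, so it also rejects ordinary values that merely contain "or" or "and". The following is an added example, not part of the original article: it runs the same keyword list next to a PDO prepared statement, which keeps the input out of the SQL text altogether. It assumes PHP 7+ with the pdo_sqlite extension; the function names, the `users` table and the sample values are constructed for illustration.

```php
<?php
// Added example, not from the original article. Assumes PHP 7+ with pdo_sqlite.
// Function names, table, columns and sample values are constructed for illustration.

// The article's keyword check, reduced to a function for comparison.
function containsFilteredWord(string $input, array $words): bool
{
    foreach ($words as $word) {
        if (stripos($input, $word) !== false) {
            return true;
        }
    }
    return false;
}

// Look up a user with a bound parameter: the value is sent as data,
// never concatenated into the SQL string.
function findUserIds(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

$insert = $db->prepare('INSERT INTO users (name) VALUES (:name)');
foreach (["O'Brien", 'Anderson', 'Victor'] as $name) {      // constructed names
    $insert->execute([':name' => $name]);
}

$filter = ["'", 'or', 'and', 'union', 'where'];             // list from the article
$inputs = ["O'Brien", 'Anderson', 'Victor', "x' OR '1'='1"]; // constructed inputs

foreach ($inputs as $input) {
    $verdict = containsFilteredWord($input, $filter) ? 'blocked' : 'allowed';
    $rows    = count(findUserIds($db, $input));
    printf("%-14s filter: %-8s prepared statement rows: %d\n", $input, $verdict, $rows);
}
```

The three stored names are legitimate input, yet each one trips the keyword list, while the bound-parameter query matches each of them exactly and treats the last input as a plain string that matches no row.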