This article introduces a PHP filter function that applies several filtering passes as a defence against SQL injection and related web attacks. It is shared for reference; readers who need it can adapt it.
The SQL injection and cross-site attack filtering functions below implement common security checks against SQL injection, cross-site scripting, and cross-origin POST submissions. Note that a keyword blocklist of this kind is a defence-in-depth measure only; it does not replace prepared statements for database access or context-aware output escaping for HTML.
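<?php
/**
 * Global request filter.
 *
 * Rejects the request (via header_status_404()) when the controller/action names, selected
 * request headers, the query string, cookies or the POST body contain one of a small set of
 * blocklisted substrings, and rejects cross-origin POSTs whose Referer host differs from HTTP_HOST.
 *
 * This is a defence-in-depth keyword blocklist, not a substitute for prepared statements
 * (SQL injection) or context-aware output escaping (XSS); those must still be applied where
 * the data is actually used.
 *
 * Relies on the constants APP and ACT and on safe_replace(), which are defined elsewhere in the project.
 */
function global_filter()
{
    // APP and ACT name the controller and the controller method; only [A-Za-z0-9_-] is allowed.
    // The D modifier stops '$' from accepting a trailing newline.
    foreach (array(APP, ACT) as $segment) {
        if (!preg_match('/^[a-zA-Z0-9_-]+$/D', (string) $segment)) {
            header_status_404();
        }
    }

    // Substrings that cause the request to be rejected; matching is case-insensitive.
    // NOTE(review): superglobals are already URL-decoded, so '%0d%0a' matches that literal
    // text, not an actual CR/LF pair.
    $arrStr = array(
        '%0d%0a',
        "'",
        '<',
        '>',
        '$',
        'script',
        'document',
        'eval',
        'atestu',
        'select ',
        'insert into',
        'delete from',
    );

    // Request headers. A missing header is treated as empty instead of raising an undefined-index warning.
    global_inject_input($_SERVER['HTTP_REFERER'] ?? '', $arrStr, true);
    global_inject_input($_SERVER['HTTP_USER_AGENT'] ?? '', $arrStr, true);
    global_inject_input($_SERVER['HTTP_ACCEPT_LANGUAGE'] ?? '', $arrStr, true);

    // NOTE(review): the sanitised return value is discarded in every call below, so with
    // $replace = true the only effect is the 404 on a blocklist hit; no superglobal is rewritten.
    global_inject_input($_GET, array_merge($arrStr, array('"')), true);
    // The last-URL cookie (pgclx_last_url) legitimately contains '&', so '&' is not checked for cookies.
    global_inject_input($_COOKIE, array_merge($arrStr, array('"')), true);
    global_inject_input($_SERVER, array('%0d%0a'), true);

    // Cross-origin POST check based on the Referer host.
    if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
        // NOTE(review): a POST without a Referer header is accepted unchecked (clients may omit it),
        // so this is not a complete CSRF defence; a per-session synchroniser token is the proper control.
        if (isset($_SERVER['HTTP_REFERER'])) {
            $url = parse_url($_SERVER['HTTP_REFERER']);
            $host = is_array($url) ? ($url['host'] ?? '') : '';
            // parse_url() returns the port as an int; append it unless it is the default 80.
            $port = is_array($url) ? ($url['port'] ?? null) : null;
            $refererHost = ($port !== null && $port !== 80) ? $host . ':' . $port : $host;
            // A malformed Referer yields an empty host and therefore also fails this comparison.
            if ($refererHost !== ($_SERVER['HTTP_HOST'] ?? '')) {
                header_status_404();
            }
        }
    }

    global_inject_input($_POST, array('%0d%0a'));
    global_inject_input($_REQUEST, array('%0d%0a'));
}

/**
 * Reject or sanitise a single value or a (nested) array of values.
 *
 * Scalars are checked case-insensitively against every entry of $inject_string; a hit ends the
 * request via header_status_404(). Arrays are walked recursively with the same rules.
 *
 * @param mixed $string        Value or (nested) array of values to inspect.
 * @param array $inject_string Blocklisted substrings; compared case-insensitively.
 * @param bool  $replace       When true, scalars are returned sanitised (safe_replace() followed by
 *                             HTML special-character encoding); when false they are returned unchanged.
 * @return mixed Same shape as $string.
 */
function global_inject_input($string, $inject_string, $replace = false)
{
    if (is_array($string)) {
        foreach ($string as $key => $val) {
            $string[$key] = global_inject_input($val, $inject_string, $replace);
        }
        return $string;
    }

    // Cast so non-string entries (e.g. ints in $_SERVER) are handled uniformly.
    $haystack = (string) $string;
    foreach ($inject_string as $needle) {
        // stripos() is already case-insensitive; the strtolower() wrapper it used to have was redundant.
        if (stripos($haystack, $needle) !== false) {
            header_status_404();
        }
    }

    if (!$replace) {
        return $string;
    }

    // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; encode rather than strip so the result is
    // safe in an HTML text/attribute context without silently dropping characters.
    return htmlspecialchars((string) safe_replace($haystack), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Send an HTTP error status (default 404) for the current request.
 *
 * @param string $status Numeric status code to send.
 */
function header_status_404($status = '404')
{
    // Under CGI SAPIs the status line must be conveyed with a "Status:" header.
    if (substr(php_sapi_name(), 0, 3) === 'cgi') {
        header('Status: ' . $status, true);
        exit;
    } else {
        header($_SERVER['SERVER_PROTOCOL'] . ' ' . $status);
        $error_404 = "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\r\n";
        // … the remainder of this function (the rest of $error_404 and what is done with it)
        //     is cut off in the source page and is not reproduced here …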
Related recommendations:
An analysis of PHP filtering HTML strings to prevent SQL injection
Detailed introduction of regular expressions for PHP filtering common HTML tags