While writing code today, it suddenly occurred to me that a single file might be able to handle every place in a site where injection could occur. That saves time and code, because there is no need to filter each variable in every program.
There are two main points to work from. The variables we receive usually arrive by GET or POST, so if we simply filter everything that comes in through GET and POST, we achieve the effect of preventing injection. PHP makes this easy: it has the built-in $_GET and $_POST arrays that store all of these variables, so all we have to do is filter each variable in them.
Here's a look at the specific code:
<?php
/* Author: heiyeluren */

/* Filter all variables received via GET */
$get = array();
foreach ($_GET as $get_key => $get_var)
{
    if (is_numeric($get_var)) {
        $get[strtolower($get_key)] = get_int($get_var);
    } else {
        $get[strtolower($get_key)] = get_str($get_var);
    }
}

/* Filter all variables received via POST */
$post = array();
foreach ($_POST as $post_key => $post_var)
{
    if (is_numeric($post_var)) {
        $post[strtolower($post_key)] = get_int($post_var);
    } else {
        $post[strtolower($post_key)] = get_str($post_var);
    }
}

/* Filter functions */

// Integer filter function
function get_int($number)
{
    return intval($number);
}

// String filter function
function get_str($string)
{
    // Array input (e.g. ?a[]=1) is filtered element by element
    if (is_array($string)) {
        return array_map('get_str', $string);
    }
    // get_magic_quotes_gpc() was removed in PHP 8.0, so check that it exists
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        return addslashes($string);
    }
    return $string;
}
So we put the above code in a common file, such as security.inc.php, and include that file in every script. All variables submitted to any program are then filtered, which gives us the once-and-for-all effect we wanted.
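An added example, not from the original article: the same integer/string split as the filter above, but with each value bound as a PDO query parameter instead of escaped with addslashes(), so the driver keeps the data separate from the SQL text. The helper names typed_params and run_query, the articles table, the request values and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example: same int/string split as the filter above, but the values
// are bound as query parameters instead of being escaped with addslashes().
// Table, columns and request values are constructed for illustration.

/** Lower-case the keys and type the values the way the page's loops do. */
function typed_params(array $input): array
{
    $out = [];
    foreach ($input as $key => $value) {
        if (is_array($value)) {
            continue; // nested input (?a[]=1) is dropped in this sketch
        }
        $out[strtolower($key)] = is_numeric($value) ? intval($value) : (string) $value;
    }
    return $out;
}

/** Bind each value with the PDO type matching its PHP type, then execute. */
function run_query(PDO $db, string $sql, array $params): PDOStatement
{
    $stmt = $db->prepare($sql);
    foreach ($params as $name => $value) {
        $type = is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR;
        $stmt->bindValue(':' . $name, $value, $type);
    }
    $stmt->execute();
    return $stmt;
}

// Constructed request data standing in for $_GET / $_POST.
$request = ['ID' => '7', 'Author' => "O'Brien"];
$get = typed_params($request);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, author TEXT)');

run_query($db, 'INSERT INTO articles (id, author) VALUES (:id, :author)', $get);
$row = run_query($db, 'SELECT author FROM articles WHERE id = :id', ['id' => $get['id']])
    ->fetch(PDO::FETCH_ASSOC);

var_dump($get['id']);     // the numeric string was converted to an integer
var_dump($row['author']); // the quote is stored as data; no backslash was added
```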