Once and for all: the overall anti-injection method in PHP website

Source: Internet
Author: User

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

It is mainly from two points, because we get the variable is usually obtained by getting or post way, then we simply filter the gets and post over the variable, then we can achieve the effect of preventing injection.

When writing code today, it suddenly occurred to me that there was no way to handle all the sites that might be injected through a single file. This saves time and code without filtering each variable in every program.

We are mainly from two points, because our obtained variables are usually through get or post way over, then we simply filter the gets and post over the variables, then we can achieve the effect of preventing injection. And our PHP is really very good, has built-in $_get and $_post two arrays to store all variables, we have to do is to filter each variable on it.

Here's a look at the specific code:

/* Author:heiyeluren *

/* Filter all get over variable * *

foreach ($_get as $get _key=> $get _var)

{

if (Is_numeric ($get _var))

if (Is_numeric ($get _var)) {

$get [Strtolower ($get _key)] = Get_int ($get _var);

else {

$get [Strtolower ($get _key)] = Get_str ($get _var);

}

}

* * Filter all post variables.

foreach ($_post as $post _key=> $post _var)

{

if (Is_numeric ($post _var)) {

$post [Strtolower ($post _key)] = Get_int ($post _var);

else {

$post [Strtolower ($post _key)] = Get_str ($post _var);

}

}

/* Filter Function * *

Integer Filter function

function Get_int ($number)

{

Return Intval ($number);

}

String filter functions

function Get_str ($string)

{

if (!GET_MAGIC_QUOTES_GPC ()) {

Return addslashes ($string);

}

return $string;

}

So we put the above code in a public file, such as security.inc.php inside, each file include this file, then can give any one of the program to submit all the variables to filter, to achieve the effect of our once and for all.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.