Shulou(Shulou.com)06/03 Report--

This article introduces the knowledge of "how to implement input value / form submission parameter filtering to effectively prevent sql injection". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Input values / form submission parameter filtering to prevent sql injection or illegal attacks:

The copy code is as follows:

/ * *

* filter keywords for sql and php file operations

* @ param string $string

* @ return string

* @ author zyb

, /

Private function filter_keyword ($string) {

$keyword = 'select | insert | update | delete |\ |\ /\ * |\.\ / |\.\ / | union | into | load_file | outfile'

$arr = explode ('|', $keyword)

$result = str_ireplace ($arr,'', $string)

Return $result

}

/ * *

* check whether the entered number is valid, and return the corresponding id if it is valid, otherwise return false.

* @ param integer $id

* @ return mixed

* @ author zyb

, /

Protected function check_id ($id) {

$result = false

If ($id! =''& &! is_null ($id)) {

$var = $this- > filter_keyword ($id); / / filter keywords for sql and php file operations

If ($var! = =''& &! is_null ($var) & & is_numeric ($var)) {

$result = intval ($var)

}

}

Return $result

}

/ * *

* check whether the input character is valid, and return the corresponding id legally, otherwise return false

* @ param string $string

* @ return mixed

* @ author zyb

, /

Protected function check_str ($string) {

$result = false

$var = $this- > filter_keyword ($string); / / filter keywords for sql and php file operations

If (! empty ($var)) {

If (! get_magic_quotes_gpc ()) {/ / determine whether magic_quotes_gpc is open

$var = addslashes ($string); / / filter the submitted data if magic_quotes_gpc is not open

}

/ / $var = str_replace ("_", "\ _", $var); / / filter out'_'

$var = str_replace ("%", "\%", $var); / / filter out'%'

$var = nl2br ($var); / / enter conversion

$var = htmlspecialchars ($var); / / html tag conversion

$result = $var

}

Return $result

}

This is the end of the content of "how to implement input values / form submission parameter filtering to effectively prevent sql injection". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.