Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

How to implement input value / form submission parameter filtering to effectively prevent sql injection

2025-04-07 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >

Share

Shulou(Shulou.com)06/03 Report--

This article introduces the knowledge of "how to implement input value / form submission parameter filtering to effectively prevent sql injection". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Input values / form submission parameter filtering to prevent sql injection or illegal attacks:

The copy code is as follows:

/ * *

* filter keywords for sql and php file operations

* @ param string $string

* @ return string

* @ author zyb

, /

Private function filter_keyword ($string) {

$keyword = 'select | insert | update | delete |\ |\ /\ * |\.\ / |\.\ / | union | into | load_file | outfile'

$arr = explode ('|', $keyword)

$result = str_ireplace ($arr,'', $string)

Return $result

}

/ * *

* check whether the entered number is valid, and return the corresponding id if it is valid, otherwise return false.

* @ param integer $id

* @ return mixed

* @ author zyb

, /

Protected function check_id ($id) {

$result = false

If ($id! =''& &! is_null ($id)) {

$var = $this- > filter_keyword ($id); / / filter keywords for sql and php file operations

If ($var! = =''& &! is_null ($var) & & is_numeric ($var)) {

$result = intval ($var)

}

}

Return $result

}

/ * *

* check whether the input character is valid, and return the corresponding id legally, otherwise return false

* @ param string $string

* @ return mixed

* @ author zyb

, /

Protected function check_str ($string) {

$result = false

$var = $this- > filter_keyword ($string); / / filter keywords for sql and php file operations

If (! empty ($var)) {

If (! get_magic_quotes_gpc ()) {/ / determine whether magic_quotes_gpc is open

$var = addslashes ($string); / / filter the submitted data if magic_quotes_gpc is not open

}

/ / $var = str_replace ("_", "\ _", $var); / / filter out'_'

$var = str_replace ("%", "\%", $var); / / filter out'%'

$var = nl2br ($var); / / enter conversion

$var = htmlspecialchars ($var); / / html tag conversion

$result = $var

}

Return $result

}

This is the end of the content of "how to implement input values / form submission parameter filtering to effectively prevent sql injection". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Development

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report