$Name = safe_input(trim($_POST["name"]));
$Password = safe_input(trim($_POST["pass"]));
$zhen = safe_input(trim($_POST["zhen"]));
//认证用户名
$str='0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$length = strlen($Name);
for ($i=0;$i<=$length-1;$i++){
$ch = charAt($Name,$i);
$pos = strpos($str, $ch);
if($pos){
}else{
Return("请输入正确的用户名!");
exit;
}
}//认证密码
$length = strlen($Password);
for ($i=0;$i<=$length-1;$i++){
$ch = charAt($Password,$i);
$pos = strpos($str, $ch);
if($pos){
}else{
Return("请输入正确的密码!");
exit;
}
}$codes =$_SESSION["code"];
if($codes != $zhen){
Return("认证码出错!");
exit;
}这样的防止SQL注入,安全吗?大家发表下意见,谢谢。
$Password = safe_input(trim($_POST["pass"]));
$zhen = safe_input(trim($_POST["zhen"]));
//认证用户名
$str='0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$length = strlen($Name);
for ($i=0;$i<=$length-1;$i++){
$ch = charAt($Name,$i);
$pos = strpos($str, $ch);
if($pos){
}else{
Return("请输入正确的用户名!");
exit;
}
}//认证密码
$length = strlen($Password);
for ($i=0;$i<=$length-1;$i++){
$ch = charAt($Password,$i);
$pos = strpos($str, $ch);
if($pos){
}else{
Return("请输入正确的密码!");
exit;
}
}$codes =$_SESSION["code"];
if($codes != $zhen){
Return("认证码出错!");
exit;
}这样的防止SQL注入,安全吗?大家发表下意见,谢谢。
$ini_magic_quotes_gpc = get_magic_quotes_gpc();
if(!$ini_magic_quotes_gpc){
add_magic_quotes_gpc($_POST);
add_magic_quotes_gpc($_GET);
}function add_magic_quotes_gpc(&$var) {
if(is_array($var)){
foreach($var as $k => $v){
if(is_array($v)){
add_magic_quotes_gpc($var[$k]);
}else{
$var[$k] = addslashes($v);
}
}
}else{
$var = addslashes($var);
}
}
$ini_magic_quotes_gpc = get_magic_quotes_gpc();
if(!$ini_magic_quotes_gpc){
add_magic_quotes_gpc($_POST);
add_magic_quotes_gpc($_GET);
}function add_magic_quotes_gpc(&$var) {
if(is_array($var)){
foreach($var as $k => $v){
if(is_array($v)){
add_magic_quotes_gpc($var[$k]);
}else{
$var[$k] = addslashes($v);
}
}
}else{
$var = addslashes($var);
}
}如果magic_quotes_gpc = Off时呢?
注册看程序,人家就是magic_quotes_gpc = Off才有效,如果为on,就不需要啦,系统会自动转义!嘎嘎
当然,上面的程序还不严谨,还要防范一些sql语句,如:update,select,insert……