php如何过滤SQL注入字符串
如题,谢谢!
解决方案 »
是不是要防止sql注入,我有一个类,在csdn下载中搜一下!
<?php
$_POST = sql_injection($_POST);
$_GET = sql_injection($_GET);
print_r($_GET);
echo("<br />" . $_GET["a"] . "---" . $_GET["b"]);
如果我在地址栏输入:http://localhost/test_study/delsql.php?a='1execute1&b=and2
则返回
Array ( [a] => \'11 [b] => 2 )
\'11---2
★★★★★★★★★★★★★
以下是两个过滤SQL特殊字符串的函数,双重保险
第一个是利用系统函数
第二个是自写的
★★★★★★★★★★★★★
function sql_injection($content)
{
//判断magic_quotes_gpc是否开启,如果开启就不要转义
if (!get_magic_quotes_gpc())
{
if (is_array($content))
{
foreach ($content as $key=>$value)
{
$content[$key] = dowith_sql($content[$key]);
$content[$key] = addslashes($value);
}
}
else
{
$content[$key] = dowith_sql($content[$key]);
addslashes($content);
}
}
return dowith_sql($content);
//return $content;
}
function dowith_sql($str)
{
$str = str_replace("and","",$str);
$str = str_replace("execute","",$str);
$str = str_replace("update","",$str);
$str = str_replace("count","",$str);
$str = str_replace("chr","",$str);
$str = str_replace("mid","",$str);
$str = str_replace("master","",$str);
$str = str_replace("truncate","",$str);
$str = str_replace("char","",$str);
$str = str_replace("declare","",$str);
$str = str_replace("select","",$str);
$str = str_replace("create","",$str);
$str = str_replace("delete","",$str);
$str = str_replace("insert","",$str);
//$str = str_replace("'","",$str);
$str = str_replace("\"","",$str);
$str = str_replace(" ","",$str);
$str = str_replace("or","",$str);
$str = str_replace("=","",$str);
$str = str_replace("%20","",$str);
return $str;
}
?>
建议使用PDO, PHP5以上版本支持.
// Pass every incoming request array through sql_injection() before any code
// reads it. This only addresses SQL string building (addslashes + keyword
// blacklist); a value echoed into HTML, as on the next line, still needs
// htmlspecialchars() — escaping is per output context, not universal.
$_POST = sql_injection($_POST);
$_GET  = sql_injection($_GET);

// Demo output: show what the filtered query parameters look like.
print_r($_GET);
echo("<br />" . $_GET["a"] . "---" . $_GET["b"]);
如果我在地址栏输入:http://localhost/test_study/delsql.php?a='1execute1&b=and2
则返回
Array ( [a] => \'11 [b] => 2 )
\'11---2
★★★★★★★★★★★★★
以下是两个过滤SQL特殊字符串的函数,双重保险
第一个是利用系统函数
第二个是自写的
★★★★★★★★★★★★★
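/**
 * Escape and blacklist-filter request data before it is used in an SQL string.
 *
 * Behaviour:
 *   - arrays are handled element by element, keys preserved, recursing into
 *     nested arrays (the original called addslashes() on a nested array, which
 *     is a TypeError on PHP 8);
 *   - each scalar is run through addslashes() unless magic_quotes_gpc already
 *     escaped it (PHP 5 only; the function was deprecated in 7.4 and removed in
 *     8.0, so on PHP 8 the input is always escaped here), then through
 *     dowith_sql().
 *
 * Fixes over the original: the scalar branch used an undefined $key and threw
 * away the addslashes() result, and the array branch overwrote the
 * dowith_sql() result with the unfiltered value.
 *
 * NOTE(review): addslashes() plus a keyword blacklist is not a substitute for
 * parameterised queries. Any SQL built from this data should use PDO prepared
 * statements with bound parameters (the other reply in this thread says the
 * same); keep this function at most as defence in depth. It does nothing for
 * output escaping: values echoed into HTML still need htmlspecialchars().
 *
 * @param array|string $content  a request value, or a (possibly nested) array of them
 * @return array|string          same shape as $content with every scalar filtered
 */
function sql_injection($content)
{
    if (is_array($content)) {
        // Filter each leaf on its own; str_replace() on a whole array would
        // not cope with nested arrays.
        foreach ($content as $key => $value) {
            $content[$key] = sql_injection($value);
        }
        return $content;
    }

    // When get_magic_quotes_gpc() is missing (PHP 8) nothing has pre-escaped
    // the input, so treat magic quotes as off and escape here.
    $alreadyEscaped = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    if (!$alreadyEscaped) {
        // Cast keeps the original's implicit int/float-to-string coercion.
        $content = addslashes((string) $content);
    }

    return dowith_sql((string) $content);
}

/**
 * Strip a fixed list of SQL keywords and characters from a string.
 *
 * The tokens are removed in the order listed, each as a plain case-sensitive
 * substring, in a single pass — identical to the original chain of
 * str_replace() calls. This is a crude blacklist: it also mangles legitimate
 * input that happens to contain a token ("android" loses "and", "password"
 * loses "or", every space is dropped) and it is not a reliable injection
 * control on its own. Parameterised queries are the real protection; this is
 * retained for compatibility with callers that expect the same output.
 *
 * @param string $str
 * @return string
 */
function dowith_sql($str)
{
    // Order matters: str_replace() applies an array of searches sequentially,
    // each over the result of the previous one, exactly as the original did.
    $tokens = array(
        "and", "execute", "update", "count", "chr", "mid", "master",
        "truncate", "char", "declare", "select", "create", "delete",
        "insert",
        // "'" is deliberately not stripped: addslashes() escapes it instead.
        "\"", " ", "or", "=", "%20",
    );

    return str_replace($tokens, "", $str);
}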
?>