
A simple method to implement SQL anti-injection in PHP

Jul 12, 2016 am 08:53 AM

This article describes a simple way to implement SQL injection protection in PHP. It is shared here for reference; the details are as follows:

The filtering here is minimal and is aimed mainly at the combination of PHP and MySQL.

For general injection prevention, just use PHP's addslashes() function.

The following code is copied from elsewhere:

PHP code:

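$_POST = sql_injection($_POST);
$_GET = sql_injection($_GET);

// Apply addslashes() to a string, or recursively to every value of an array.
function sql_injection($content)
{
    // get_magic_quotes_gpc() was removed in PHP 8.0, so check that it exists first.
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        if (is_array($content)) {
            foreach ($content as $key => $value) {
                // Recurse so that nested arrays are handled as well.
                $content[$key] = sql_injection($value);
            }
        } else {
            // The original discarded this return value, leaving scalars unescaped.
            $content = addslashes($content);
        }
    }
    return $content;
}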

If you are building a full system, you can use the following code, which is also copied.

PHP code:

// Returns true if the string contains a blacklisted SQL keyword or character.
// eregi() was removed in PHP 7.0; preg_match() with the /i flag replaces it.
function inject_check($sql_str) {
    return (bool) preg_match('/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i', $sql_str);  // filter
}

function verify_id($id = null) {
    if (!$id) { exit('沒有提交參數!'); }  // empty check ("No parameter submitted!")
    elseif (inject_check($id)) { exit('提交的參數非法!'); }  // injection check ("Invalid parameter!")
    elseif (!is_numeric($id)) { exit('提交的參數非法!'); }  // numeric check
    $id = intval($id);  // cast to integer
    return $id;
}

function str_check($str) {
    // get_magic_quotes_gpc() was removed in PHP 8.0, so check that it exists first
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {  // is magic_quotes_gpc on?
        $str = addslashes($str);  // filter
    }
    $str = str_replace("_", "\_", $str);  // escape '_'
    $str = str_replace("%", "\%", $str);  // escape '%'
    return $str;
}

function post_check($post) {
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {  // is magic_quotes_gpc on?
        $post = addslashes($post);  // filter the submitted data when magic_quotes_gpc is off
    }
    $post = str_replace("_", "\_", $post);  // escape '_'
    $post = str_replace("%", "\%", $post);  // escape '%'
    $post = htmlspecialchars($post);  // convert HTML markup
    $post = nl2br($post);  // convert newlines; done after htmlspecialchars() so the <br /> tags are not escaped
    return $post;
}
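
For comparison with the escaping and keyword filtering above, here is an added example (not code from the original article) that passes user input as bound parameters through PDO prepared statements, so the data never becomes part of the SQL text and nothing depends on addslashes() matching the connection character set. It assumes the pdo_sqlite extension so that it runs offline; the table, its rows and the function names find_user_by_id and search_users are constructed for illustration.

```php
<?php
// Added example: table, rows and function names are constructed for illustration.
// Assumes pdo_sqlite so it runs offline; the two query functions use only generic PDO calls.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('O''Brien'), ('union_rep'), ('100%cotton')");

// Counterpart of verify_id(): validate the value as an integer, then bind it as one.
function find_user_by_id(PDO $pdo, $id): ?array
{
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // not an integer >= 1: reject without touching the database
    }
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Counterpart of str_check(): '_' and '%' are escaped only for the LIKE pattern,
// and the pattern travels as a bound parameter, never as SQL text.
// '!' is the LIKE escape character, so backslash handling in SQL literals is irrelevant.
function search_users(PDO $pdo, string $term): array
{
    $escaped = strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);
    $stmt = $pdo->prepare("SELECT name FROM users WHERE name LIKE :p ESCAPE '!'");
    $stmt->execute([':p' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs. 'union' and "O'Brien" are ordinary data here;
// inject_check() above would reject both.
var_dump(find_user_by_id($pdo, '2'));         // well-formed id
var_dump(find_user_by_id($pdo, '2 OR 1=1'));  // injection-shaped id
print_r(search_users($pdo, "O'Brien"));       // name containing a quote
print_r(search_users($pdo, "' OR '1'='1"));   // injection-shaped search term
print_r(search_users($pdo, '%'));             // literal percent sign
print_r(search_users($pdo, 'union'));         // name containing a blacklisted keyword
```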


I hope this article will be helpful to everyone in PHP programming.
