Easy-to-use PHP anti-injection filter functions (legacy code, with review notes)


 
<?PHP 
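// Site-wide "anti-injection" shim: require_once this file from a common include so that every
// request passes through it before any handler reads the superglobals.
//
// Security note (review): addslashes() is NOT a reliable SQL-injection defence. It is not
// charset-aware (multibyte connection charsets such as GBK let an attacker swallow the added
// backslash), it does nothing for values used in numeric or LIKE context, and it corrupts data
// when any other layer escapes again. Treat this file as legacy hardening only: build every
// query with prepared statements / bound parameters (PDO, mysqli) and escape output per
// context at render time.
//
// Fix: the original guard ran sec() only when magic_quotes_gpc was ON — i.e. when PHP had
// already addslashes()ed the input, so it was escaped twice — and skipped escaping entirely
// when it was OFF, which is the only possible state since PHP 5.4. The condition is inverted
// here. get_magic_quotes_gpc() was removed in PHP 8.0, so it is only called if it exists
// (the @ silences the 7.4 deprecation notice).
$magicQuotesActive = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
if (!$magicQuotesActive) {
    $_GET = sec($_GET);
    $_POST = sec($_POST);
    $_COOKIE = sec($_COOKIE);
    $_FILES = sec($_FILES);
}
// $_SERVER carries attacker-controlled request headers (HTTP_USER_AGENT, HTTP_REFERER, ...), so
// it is escaped unconditionally. Note that sec() also intval()s any float entries (e.g.
// REQUEST_TIME_FLOAT), which truncates them.
$_SERVER = sec($_SERVER);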
// Recursively "escapes" a request value: strings get addslashes(), int/float values are forced
// to int via intval(), arrays are walked key by key, and anything else (bool, null) is returned
// unchanged. Because is_string() is tested before is_numeric(), numeric *strings* such as "1.5"
// are addslashes()ed (a no-op) rather than converted; only real int/float values reach intval(),
// which truncates floats.
// The parameter is taken by reference, so the caller's variable is rewritten in place as well
// as returned.
// Security note (review): addslashes() is not a charset-aware SQL escape and is no substitute
// for bound parameters.
function sec(&$array) {
    if (is_array($array)) {
        foreach (array_keys($array) as $key) {
            $element = $array[$key];
            $array[$key] = sec($element);
        }
        return $array;
    }
    if (is_string($array)) {
        $array = addslashes($array);
    } elseif (is_numeric($array)) {
        $array = intval($array);
    }
    return $array;
}
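// Integer parameter filter: returns $id converted with intval(), or terminates the request via
// die() when $id is empty, is flagged by inject_check(), or is not numeric.
//
// Fixes: is_numetic() was a typo for is_numeric(), so the function fatalled on every non-empty
// input that passed inject_check(). The emptiness test was `!$id`, which also rejected the
// legitimate values "0" and 0; it now rejects only null, non-scalars (arrays/objects, which the
// later checks cannot handle) and the empty string.
//
// Notes (review): is_numeric() accepts floats and exponent notation ("1.5", "1e3"), which
// intval() then truncates/expands; use filter_var($id, FILTER_VALIDATE_INT) if only integers are
// acceptable. inject_check() is a keyword blocklist and adds nothing a numeric check does not
// already cover. die() inside a filter makes the caller unable to recover — an exception would be
// the conventional design.
function num_check($id) {
    if (!is_scalar($id) || $id === '') {
        die ( ' Parameter cannot be empty! ' );
    }
    if (inject_check ( $id )) {
        die ( ' Illegal parameter ' );
    }
    if (! is_numeric ( $id )) {
        die ( ' Illegal parameter ' );
    }
    return intval ( $id );
}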
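// String parameter filter: terminates the request via die() when inject_check() flags $str,
// otherwise returns $str HTML-encoded.
//
// Fix: htmlspecialchars() was called with the default flags, which before PHP 8.1 are
// ENT_COMPAT and leave the single quote unencoded, so a value placed in a single-quoted HTML
// attribute could still break out. ENT_QUOTES | ENT_SUBSTITUTE with an explicit UTF-8 charset
// gives the same result on every PHP version and substitutes invalid byte sequences instead of
// returning an empty string.
//
// Note (review): HTML encoding is an output-context measure. It does not make the value safe for
// SQL (bind it as a parameter instead), and encoding at input time stores mangled data; the
// encoding belongs at render time. inject_check() is a keyword blocklist and must not be relied
// on as the injection defence.
function str_check($str) {
    if (inject_check ( $str )) {
        die ( ' Illegal parameter ' );
    }
    return htmlspecialchars ( $str, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
}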
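// LIKE-pattern filter: escapes the SQL LIKE wildcards "_" and "%" in $str so a search term is
// matched literally, then HTML-encodes the result.
//
// Fix: the escape character itself was not escaped, so an input such as `\%` became `\\%` — a
// literal backslash followed by a live "%" wildcard — defeating the escaping. Backslashes are now
// doubled first, then the wildcards are escaped. htmlspecialchars() gets explicit
// ENT_QUOTES | ENT_SUBSTITUTE / UTF-8 flags so the output does not depend on the PHP version.
//
// Note (review): this only neutralises LIKE wildcards; it does NOT escape quotes for SQL. The
// value must still be passed to the query as a bound parameter, and the HTML encoding belongs at
// output time rather than here.
function search_check($str) {
    $str = str_replace ( "\\", "\\\\", $str );   // escape the escape character first
    $str = str_replace ( "_", "\_", $str );
    $str = str_replace ( "%", "\%", $str );
    return htmlspecialchars ( $str, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
}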
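// Form field filter: terminates the request via die() when the byte length of $str is below $min
// or above $max, otherwise returns $str with stripslashes_array() applied — i.e. with the
// addslashes() escaping added by sec() removed again.
//
// Fix: both die() messages were single-quoted, so "$min" and "$max" were printed literally
// instead of the actual limits; they are now interpolated.
//
// Notes (review): strlen() counts bytes, not characters — use mb_strlen() if the limits are
// meant per character. isset() on a declared parameter is only false when null is passed, so a
// bound is skipped by passing null. Because the slashes are stripped here, the returned value is
// NOT SQL-escaped and must be bound as a parameter, never concatenated into a query.
function post_check($str, $min, $max) {
    if (isset ( $min ) && strlen ( $str ) < $min) {
        die ( " A minimum of $min byte " );
    }
    if (isset ( $max ) && strlen ( $str ) > $max) {
        die ( " most $max byte " );
    }
    return stripslashes_array ( $str );
}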
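// Blocklist "injection" check: returns true when $sql_str contains any of a fixed set of SQL
// keywords or path fragments (case-insensitive), false otherwise.
//
// Fixes: eregi() was removed in PHP 7.0, so this function was a fatal error on any current PHP;
// the pattern is now a PCRE with the /i flag (the UNION alternative is lowercased, same effect).
// The keyword list contained `inert`, a typo for `insert`, so INSERT statements were never
// caught. Arrays and objects are now rejected (fail closed) instead of being handed to the regex
// engine, where preg_match() would throw; scalars are stringified as before.
//
// Security note (review): a keyword blocklist is not an injection defence. It is bypassed by any
// payload that uses none of these tokens (e.g. `OR 1=1`, `--`, `;`, `"`, `sleep()`), and it
// rejects legitimate input by substring ("undeleted", "intolerant", "5 * 3", "./"). Use prepared
// statements / bound parameters; keep this at most as a coarse anomaly signal.
function inject_check($sql_str) {
    if ($sql_str === null) {
        return false;   // eregi() saw null as "" — no match
    }
    if (!is_scalar($sql_str)) {
        return true;    // arrays/objects cannot be checked: fail closed
    }
    return preg_match(
        '/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i',
        (string) $sql_str
    ) === 1;
}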
// Recursively applies stripslashes() to every string in $array (nested arrays included); any
// other value (int, float, bool, null) is returned unchanged. This undoes the addslashes()
// escaping applied by sec(). The parameter is taken by reference, so the caller's variable is
// rewritten in place as well as returned.
// Note (review): values that pass through here are no longer escaped — do not concatenate them
// into SQL; bind them as parameters.
function stripslashes_array(&$array) {
    if (is_string($array)) {
        $array = stripslashes($array);
        return $array;
    }
    if (!is_array($array)) {
        return $array;
    }
    foreach (array_keys($array) as $key) {
        $item = $array[$key];
        $array[$key] = stripslashes_array($item);
    }
    return $array;
}
?> 
