Input value and form submission parameter filtering method to effectively prevent SQL injection

  • 2020-12-09 00:47:18
  • OfStack

Input value / form submission parameter filtering to prevent SQL injection or other illegal attacks:
 
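/**
 * Strip a fixed list of SQL keywords and path/comment fragments from a value.
 *
 * This is keyword stripping, not injection prevention: it mangles legitimate
 * input that happens to contain a listed word (e.g. a name containing
 * "update") and it is not a substitute for prepared statements with bound
 * parameters, which are the reliable defence. Keep it only as a coarse
 * normaliser for values that never reach a query unbound.
 *
 * The fragments are written literally ("/*", "../", "./"), not regex-escaped:
 * str_ireplace matches plain text, so an escaped form such as "\/\*" would
 * never match the input it is meant to remove.
 *
 * Replacement is a single, case-insensitive pass applied in list order.
 *
 * @param string $string Raw input value; a non-string scalar is cast to string.
 * @return string The input with every listed fragment removed.
 * @author zyb <zyb_icanplay@163.com>
 */
private function filter_keyword( $string ) {
    // Plain fragments for str_ireplace; order matters ("/*" before "*", "../" before "./").
    $fragments = [
        'select', 'insert', 'update', 'delete',
        "'", '/*', '*', '../', './',
        'union', 'into', 'load_file', 'outfile',
    ];
    return str_ireplace( $fragments, '', (string) $string );
}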

/**
 * Validate a numeric id and return it as an int, or false when it is not usable.
 *
 * The value is first passed through filter_keyword() and only then tested with
 * is_numeric(), so a value that is numeric only after stripping is accepted.
 * is_numeric() also admits signs, fractions, exponents and leading whitespace,
 * and intval() truncates ("1.9" becomes 1). For an identifier that is bound to
 * a query, a stricter digit-only check (e.g. ctype_digit) plus a bound
 * parameter is the safer contract; this method keeps the original one.
 *
 * @param integer $id Candidate id (string or int); '' and null are rejected.
 * @return int|false The parsed id, or false when the value is empty or not numeric.
 * @author zyb <zyb_icanplay@163.com>
 */
protected function check_id( $id ) {
    if ( $id === '' || is_null( $id ) ) {
        return false;
    }
    $cleaned = $this->filter_keyword( $id ); // keyword stripping happens before the numeric test
    if ( $cleaned === '' || is_null( $cleaned ) || !is_numeric( $cleaned ) ) {
        return false;
    }
    return intval( $cleaned );
}

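/**
 * Normalise an untrusted string and return it, or false when nothing is left.
 *
 * Pipeline, in order: strip listed keywords (filter_keyword), backslash-escape
 * quotes/backslashes/NUL with addslashes unless legacy magic quotes already
 * did so, escape "%" for LIKE patterns, HTML-encode, then turn newlines into
 * <br />. HTML encoding runs before nl2br so the inserted tags survive; in the
 * reverse order htmlspecialchars would encode the "<br />" it had just created.
 *
 * This mixes database escaping and HTML escaping in one step. addslashes is
 * not a charset-aware SQL escape, so queries should use prepared statements
 * with bound parameters, and htmlspecialchars belongs at output time rather
 * than in stored data. The combined behaviour is kept for existing callers.
 *
 * @param string $string Raw input value.
 * @return string|false The normalised string, or false when the input is empty
 *                      after keyword stripping.
 * @author zyb <zyb_icanplay@163.com>
 */
protected function check_str( $string ) {
    $var = $this->filter_keyword( $string );
    // Compare against '' rather than empty(): a legitimate "0" must pass.
    if ( $var === '' || is_null( $var ) ) {
        return false;
    }
    // get_magic_quotes_gpc() no longer exists in PHP 8, so only consult it
    // where it is defined. Escape the *filtered* value, not the raw $string,
    // otherwise the keyword stripping above is discarded.
    if ( !function_exists( 'get_magic_quotes_gpc' ) || !get_magic_quotes_gpc() ) {
        $var = addslashes( $var );
    }
    // Escape the LIKE wildcard; '_' is deliberately left untouched.
    $var = str_replace( '%', '\%', $var );
    // Encode HTML first (quotes included, invalid UTF-8 substituted rather than
    // silently yielding ''), then convert newlines so the <br /> is not encoded.
    $var = htmlspecialchars( $var, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
    $var = nl2br( $var );
    return $var;
}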
