Easy to understand PHP anti injection code

  • 2020-03-31 20:31:51
  • OfStack

First, save the following code as safe.php in the root of the site, and then add include("/safe.php"); at the top of each PHP file.

PHP anti-injection code method 1:
 
<?php
// Illegal characters to filter
$ArrFiltrate = array("'", ";", "union");
// URL to jump to on error; if left empty, defaults to the previous page
$StrGoUrl = "";

// Whether the string contains any of the values in the array
function FunStringExist($StrFiltrate, $ArrFiltrate) {
    // Only plain strings can be checked; treat anything else (e.g. array parameters) as illegal
    if (!is_string($StrFiltrate)) {
        return true;
    }
    foreach ($ArrFiltrate as $key => $value) {
        // stripos() is a case-insensitive substring match; eregi() was removed in PHP 7.0
        if (stripos($StrFiltrate, $value) !== false) {
            return true;
        }
    }
    return false;
}

// Merge $_POST and $_GET ($HTTP_POST_VARS and $HTTP_GET_VARS were removed in PHP 5.4)
if (function_exists('array_merge')) {
    $ArrPostAndGet = array_merge($_POST, $_GET);
} else {
    $ArrPostAndGet = array();
    foreach ($_POST as $key => $value) {
        $ArrPostAndGet[] = $value;
    }
    foreach ($_GET as $key => $value) {
        $ArrPostAndGet[] = $value;
    }
}

// Start the verification
foreach ($ArrPostAndGet as $key => $value) {
    if (FunStringExist($value, $ArrFiltrate)) {
        echo '<script language="javascript">alert("Illegal character");</script>';
        if (empty($StrGoUrl)) {
            // No error URL configured: go back to the previous page
            echo '<script language="javascript">history.go(-1);</script>';
        } else {
            echo '<script language="javascript">window.location="' . $StrGoUrl . '";</script>';
        }
        exit;
    }
}
?>

PHP anti-injection code method 2:
 
 
<?php
// Filtered copies of the request parameters, keyed by lower-cased name
$get = array();
$post = array();

foreach ($_GET as $get_key => $get_var)
{
    if (is_numeric($get_var)) {
        $get[strtolower($get_key)] = get_int($get_var);
    } else {
        $get[strtolower($get_key)] = get_str($get_var);
    }
}

foreach ($_POST as $post_key => $post_var)
{
    if (is_numeric($post_var)) {
        $post[strtolower($post_key)] = get_int($post_var);
    } else {
        $post[strtolower($post_key)] = get_str($post_var);
    }
}

// Integer filter function
function get_int($number)
{
    return intval($number);
}

// String filter function
function get_str($string)
{
    // get_magic_quotes_gpc() was removed in PHP 8.0, so only call it where it still exists
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        return addslashes($string);
    }
    return $string;
}
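
Both methods filter or escape input before it reaches the query. The added example below (not part of the original article) runs a constructed value that contains none of method 1's filtered strings and is left unchanged by addslashes() against a lookup built by concatenation, next to the same lookup with a PDO bound parameter. It assumes the pdo_sqlite extension is available; the users table, its rows and the function names are constructed for illustration.

```php
<?php
// Added example: the table, rows, inputs and function names are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Method 1's blacklist check, reduced to its core.
function passes_blacklist(string $value): bool
{
    foreach (array("'", ";", "union") as $needle) {
        if (stripos($value, $needle) !== false) {
            return false;
        }
    }
    return true;
}

// Before: filtered (method 1) and escaped (method 2) input is concatenated
// into an unquoted numeric position of the SQL text.
function find_concat(PDO $db, string $id): array
{
    if (!passes_blacklist($id)) {
        return array();
    }
    $sql = 'SELECT name FROM users WHERE id = ' . addslashes($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: the value is bound as a parameter, so it is only ever compared
// as data and never parsed as part of the SQL statement.
function find_bound(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute(array(':id' => $id));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$input = '1 OR 1=1'; // constructed test value: no quote, semicolon or "union"
echo count(find_concat($db, $input)), " row(s) via concatenation\n";
echo count(find_bound($db, $input)), " row(s) via bound parameter\n";
echo count(find_bound($db, '2')), " row(s) for a plain id via bound parameter\n";
```

The concatenated lookup matches every row for the constructed value, while the bound lookup treats it as a single non-matching id; binding parameters makes the result independent of what the filter list happens to contain.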
