SQL防注入代码一
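<?php

declare(strict_types=1);

/**
 * SQL injection guard helpers.
 *
 * quote() is a last-resort escaper for code that still builds SQL by string
 * concatenation. It is not charset-aware, so prefer prepared statements
 * (PDO / mysqli with bound parameters) or the driver's own escaper
 * (mysqli_real_escape_string) wherever a connection is available.
 *
 * @author [email protected]
 */

if (!function_exists('quote')) {
    /**
     * Escape $var for use inside a single-quoted SQL string literal and wrap
     * it in single quotes.
     *
     * The original only rewrote "'" to "\'" and left backslashes untouched, so
     * a value containing a backslash before a quote neutralised the added
     * escape and terminated the literal early. Backslash, both quote
     * characters, NUL, CR/LF and Ctrl-Z are now all escaped — the same set
     * addslashes() and mysqli_real_escape_string() cover. strtr() applies the
     * map in a single pass, so inserted backslashes are not re-escaped.
     *
     * @param string $var raw value (string-coerced; null becomes '')
     * @return string the quoted literal, e.g. "'it\'s'"
     */
    function quote($var): string
    {
        $var = (string) $var;

        // magic_quotes_gpc was removed in PHP 5.4 and the function itself in
        // 8.0; only undo its escaping on legacy builds where it is really on.
        if ($var !== '' && function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $var = stripslashes($var);
        }

        $var = strtr($var, [
            '\\'   => '\\\\',
            "'"    => "\\'",
            '"'    => '\\"',
            "\0"   => '\\0',
            "\n"   => '\\n',
            "\r"   => '\\r',
            "\x1a" => '\\Z',
        ]);

        return "'{$var}'";
    }
}

if (!function_exists('hash_num')) {
    /**
     * djb2 string hash (h = h * 33 + c, seeded with 5381).
     *
     * Fixes: the original iterated over an undefined $str instead of $input
     * (so it always returned 5381) and used the $str{$i} offset syntax that
     * PHP 8 removed. The running value is masked to 32 bits each round so it
     * stays an int instead of overflowing to float.
     *
     * This is a non-cryptographic hash — do not use it for passwords,
     * tokens or integrity checks.
     *
     * @param string $input bytes to hash
     * @return int unsigned 32-bit hash value
     */
    function hash_num($input): int
    {
        $input = (string) $input;
        $hash = 5381;
        $len = strlen($input);

        for ($i = 0; $i < $len; $i++) {
            $hash = ((($hash << 5) + $hash) + ord($input[$i])) & 0xFFFFFFFF;
        }

        return $hash;
    }
}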
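<?php

declare(strict_types=1);

/**
 * Demo / smoke test for the quote() and hash_num() helpers.
 *
 * Expected table:
 *
 * CREATE TABLE IF NOT EXISTS `tb` (
 *   `id` int(10) unsigned NOT NULL auto_increment,
 *   `age` tinyint(3) unsigned NOT NULL,
 *   `name` char(100) NOT NULL,
 *   `note` text NOT NULL,
 *   PRIMARY KEY (`id`)
 * ) ENGINE=MyISAM DEFAULT CHARSET=utf8 ;
 *
 * The statement is only dumped, never executed. Building SQL by
 * concatenation (even through quote()) is shown for illustration only; in
 * real code pass $age/$name/$note as bound parameters of a prepared
 * statement.
 */

include_once 'common.php';

var_dump(hash_num('dddd'));

// Without query parameters, fall back to a fixture that exercises quotes,
// backslashes, a newline and a comment marker.
if (empty($_GET)) {
    $_GET = ['age' => '99', 'name' => 'a\'b\\\'c";', 'note' => "a'b\'\nc#"];
}

// A request that has parameters but not these keys previously raised
// "undefined index" notices; default the missing ones instead.
$age  = (int) ($_GET['age'] ?? 0);
$name = quote($_GET['name'] ?? '');
$note = quote($_GET['note'] ?? '');

$sql = "INSERT INTO `tb` ( `age`, `name`, `note`) VALUES
( $age, $name, $note)";

var_dump($sql);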
PHP 防止 SQL 注入函数代码二:
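<?php

declare(strict_types=1);

/**
 * Request-wide escaping of GPC data (legacy magic_quotes emulation).
 *
 * Fixes relative to the original:
 *  - get_magic_quotes_gpc() no longer exists in PHP 8 (magic quotes were
 *    removed in 5.4), so it is only called when defined.
 *  - daddslashes() read its on/off flag from $GLOBALS['magic_quotes_gpc']
 *    after request data had been extract()ed into the global scope, so a
 *    request field of that name could flip the flag and skip escaping for
 *    the rest of the request. The flag is now captured once inside the
 *    function and never read from a global.
 *  - extract() uses EXTR_SKIP so request data can never overwrite a variable
 *    that already exists; the "@" suppression is gone.
 *
 * Escaping input at the edge is not a substitute for prepared statements:
 * addslashes() is charset-unaware and values get escaped even when they are
 * never used in SQL. Prefer binding parameters at the query site.
 */

$magic_quotes_gpc = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

extract(daddslashes($_COOKIE), EXTR_SKIP);
extract(daddslashes($_POST), EXTR_SKIP);
extract(daddslashes($_GET), EXTR_SKIP);

if (!$magic_quotes_gpc) {
    $_FILES = daddslashes($_FILES);
}

/**
 * Recursively addslashes() a string or an array of strings.
 *
 * Escaping is skipped when magic quotes are already on, unless $force is set.
 *
 * @param string|array $string value to escape (arrays are walked recursively)
 * @param int|bool     $force  escape even when magic quotes are on
 * @return string|array the escaped value, same shape as the input
 */
function daddslashes($string, $force = 0)
{
    static $magicQuotesOn = null;
    if ($magicQuotesOn === null) {
        $magicQuotesOn = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    }

    if ($magicQuotesOn && !$force) {
        return $string;
    }

    if (is_array($string)) {
        foreach ($string as $key => $val) {
            $string[$key] = daddslashes($val, $force);
        }

        return $string;
    }

    // Cast so non-string leaves (e.g. integer sizes in $_FILES) do not trip
    // strict_types.
    return addslashes((string) $string);
}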
PHP 防止 SQL 注入代码三
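<?php

declare(strict_types=1);

/**
 * Legacy request guards: a keyword blacklist and a Referer check.
 *
 * Fixes relative to the original: eregi() was removed in PHP 7 and its
 * pattern was not even a valid string literal; the superglobals were spelt
 * $_server / $_get (variable names are case-sensitive, so both were
 * undefined); the preg_replace() replacements had lost their
 * back-references ("1" instead of "\1"), which made the Referer comparison
 * always equal and the redirect unreachable; and the final call passed an
 * undefined $sql_str.
 *
 * Both guards are weak by construction and are kept only for compatibility:
 * a keyword blacklist rejects legitimate text ("update", "into") and is not
 * a defence against SQL injection — use prepared statements; and the Referer
 * header is client-controlled, so checkurl() is not a CSRF defence — use a
 * per-session token.
 */

/**
 * Abort the request if $sql_str contains a blacklisted SQL keyword or a
 * quote / comment / path marker (case-insensitive); otherwise return it
 * unchanged.
 *
 * A PCRE error (e.g. backtrack limit) is treated like a match so the guard
 * fails closed.
 *
 * @param string $sql_str raw request value
 * @return string $sql_str, unmodified
 */
function inject_check($sql_str)
{
    $sql_str = (string) $sql_str;
    $pattern = '#select|insert|update|delete|\'|/\*|\*|\.\./|\./|union|into|load_file|outfile#i';

    if (preg_match($pattern, $sql_str) !== 0) {
        echo "输入非法注入内容!";
        exit();
    }

    return $sql_str;
}

/**
 * Redirect away unless the Referer host matches the Host header.
 *
 * Both sides are reduced to the bare host name (scheme, port and path
 * dropped), which is what the original back-references intended. A missing
 * or non-URL Referer yields an empty host and therefore also redirects.
 */
function checkurl()
{
    $refererHost = parse_url((string) ($_SERVER['HTTP_REFERER'] ?? ''), PHP_URL_HOST);
    // Prefix a scheme so parse_url() treats the Host header as an authority
    // and strips any port (including the IPv6 "[::1]:8080" form).
    $requestHost = parse_url('http://' . ($_SERVER['HTTP_HOST'] ?? ''), PHP_URL_HOST);

    if ((string) $refererHost !== (string) $requestHost) {
        header("location: http://s.jb51.net");
        exit();
    }
}

// Usage
checkurl();
$str = $_GET['url'] ?? '';
inject_check($str); // can be run as soon as the parameter is read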