php SQL防注入代码集合

  SQL防注入代码一

  

代码如下:

  <?php

  /**

  * 防sql注入

  * @author: [email protected]

  * */

  /**

  * reject sql inject

  */

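  /**
   * Quote a scalar for use inside a single-quoted SQL string literal.
   *
   * Escapes the backslash as well as the single quote. The original escaped
   * only the quote, so an input such as a\'b became 'a\\'b': the backslash
   * was itself escaped and the quote that followed terminated the literal,
   * which is exactly the break-out this helper is meant to stop.
   *
   * Still a last resort: it knows nothing about the connection charset
   * (multi-byte encodings such as GBK can swallow the escaping backslash),
   * so prefer prepared statements (PDO / mysqli) wherever the driver offers them.
   *
   * @param mixed $var value to quote; cast to string (null/'' yield '')
   * @return string the value wrapped in single quotes, e.g. 'abc'
   */
  if (!function_exists('quote'))
  {
      function quote($var)
      {
          $var = (string) $var;
          if (strlen($var))
          {
              // Undo magic_quotes only on runtimes that still have it
              // (the function itself was removed in PHP 8).
              if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
              {
                  $var = stripslashes($var);
              }
              // Backslash first, then the quote - otherwise the backslash added
              // for the quote would itself be doubled.
              $var = str_replace(array('\\', "'"), array('\\\\', "\\'"), $var);
          }
          return "'$var'";
      }
  }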

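  /**
   * djb2 string hash ("hash * 33 + c"), reduced to an unsigned 32-bit value.
   *
   * The original looped over an undefined $str instead of $input, so it
   * returned the seed 5381 for every input, and it used the $str{$i} offset
   * syntax that PHP 8 no longer accepts. Masking each step to 32 bits keeps
   * the result an int instead of letting "+" overflow into a float.
   * Assumes a 64-bit PHP build (the intermediate value needs 38 bits).
   *
   * @param string $input bytes to hash (byte-wise, not character-wise)
   * @return int hash in the range 0 .. 2^32-1
   */
  if (!function_exists('hash_num')) {
      function hash_num($input)
      {
          $input = (string) $input;
          $hash = 5381;
          $len = strlen($input);
          for ($i = 0; $i < $len; $i++)
          {
              $hash = ((($hash << 5) + $hash) + ord($input[$i])) & 0xFFFFFFFF;
          }
          return $hash;
      }
  }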

  /**************** end *************************/

  ?>

  

代码如下:

  <?php

  /**

  * 防sql测试代码

  CREATE TABLE IF NOT EXISTS `tb` (

  `id` int(10) unsigned NOT NULL auto_increment,

  `age` tinyint(3) unsigned NOT NULL,

  `name` char(100) NOT NULL,

  `note` text NOT NULL,

  PRIMARY KEY (`id`)

  ) ENGINE=MyISAM DEFAULT CHARSET=utf8 ;

  **/

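  // Demo driver for quote()/hash_num() from common.php: builds the INSERT for
  // the `tb` table described above and dumps it instead of executing it.
  include_once('common.php');

  var_dump(hash_num('dddd'));

  // Seed hostile-looking sample input when run without a query string, so the
  // escaping can be inspected from the CLI.
  if (empty($_GET))
  {
      $_GET = array('age'=>'99','name'=>'a\'b\\\'c";','note'=>"a'b\'\nc#");
  }

  // Read each field with a default so a partial query string does not raise
  // undefined-index notices; the original indexed $_GET unconditionally.
  $age  = isset($_GET['age'])  ? (int)$_GET['age']    : 0;
  $name = isset($_GET['name']) ? quote($_GET['name']) : quote('');
  $note = isset($_GET['note']) ? quote($_GET['note']) : quote('');

  // Still string-built SQL: exactly as safe as quote() is. A prepared
  // statement would remove the dependency on escaping altogether.
  $sql = "INSERT INTO `tb` ( `age`, `name`, `note`) VALUES
  ( $age, $name, $note)";

  var_dump($sql);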

  ?>

  PHP 防止sql注入函数代码二:

  

代码如下:

  <?php

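  // Emulates register_globals: every cookie/POST/GET key becomes a variable.
  // daddslashes() reads $magic_quotes_gpc through $GLOBALS, and the original
  // let extract() overwrite it - a request parameter named magic_quotes_gpc=1
  // would then switch escaping off for every later daddslashes() call.
  // EXTR_SKIP leaves already-defined variables (this one included) intact;
  // it does not make extract() on request data a sound design.
  $magic_quotes_gpc = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

  // With EXTR_SKIP the first source to define a name wins, so the order is
  // reversed relative to the original (cookie, POST, GET with last-wins) to
  // keep the same effective precedence: GET over POST over cookie.
  extract(daddslashes($_GET), EXTR_SKIP);
  extract(daddslashes($_POST), EXTR_SKIP);
  extract(daddslashes($_COOKIE), EXTR_SKIP);

  if (!$magic_quotes_gpc) {
      $_FILES = daddslashes($_FILES);
  }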

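  /**
   * Recursively addslashes() a request value unless magic_quotes already did.
   *
   * @param mixed $string scalar or (nested) array from $_GET/$_POST/$_COOKIE/$_FILES
   * @param int   $force  non-zero: escape even when $GLOBALS['magic_quotes_gpc'] is truthy
   * @return mixed same shape as $string, each leaf escaped (leaves become strings)
   */
  function daddslashes($string, $force = 0) {
      // empty() avoids the undefined-index notice the original raised when
      // called before $magic_quotes_gpc was assigned. The flag lives in a
      // global that any extract() of request data in the caller can clobber.
      if (empty($GLOBALS['magic_quotes_gpc']) || $force) {
          if (is_array($string)) {
              foreach ($string as $key => $val) {
                  $string[$key] = daddslashes($val, $force);
              }
          } else {
              // addslashes() coerces scalars to string anyway; the explicit
              // cast just avoids the null deprecation on PHP 8.1+.
              $string = addslashes((string) $string);
          }
      }
      return $string;
  }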

  ?>

  php 防止sql注入代码三

  

代码如下:

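  /**
   * Reject input that looks like SQL syntax; case-insensitive keyword blacklist.
   *
   * Replaces the original eregi() call (removed in PHP 7), whose pattern also
   * contained an unescaped quote that ended the string literal and a bare `*`
   * that is not a valid regex atom. The alternatives are kept as the author
   * listed them - including the lone single quote and `*` - so any free text
   * containing an apostrophe, an asterisk or a word such as "into" is rejected.
   *
   * A keyword filter is not a substitute for prepared statements: it blocks
   * legitimate text and does not cover every way a value can break out of a
   * query. Treat it as a coarse pre-filter at most.
   *
   * @param string $sql_str raw request value
   * @return string $sql_str unchanged when no blacklisted token is present;
   *                otherwise echoes a message and exits
   */
  function inject_check($sql_str) { //防止注入
      $pattern = '~select|insert|update|delete|\'|/\*|\*|\.\./|\./|union|into|load_file|outfile~i';
      $check = preg_match($pattern, (string) $sql_str);
      // preg_match() returns false on a PCRE error; a value we could not
      // examine is treated the same as a hit rather than waved through.
      if ($check !== 0) {
          echo "输入非法注入内容!";
          exit ();
      } else {
          return $sql_str;
      }
  }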

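  /**
   * Redirect away unless the request's Referer host matches our own Host.
   *
   * The original read $_server (lowercase - not a superglobal, so always null)
   * and used "1" as the replacement where a back-reference was meant, so both
   * sides always compared equal and the check never fired. The Referer host is
   * now taken with parse_url() and compared case-insensitively against
   * HTTP_HOST with any ":port" suffix removed, as the garbled pattern appears
   * to have intended.
   *
   * A Referer check is a weak guard: the header is optional, stripped by many
   * privacy settings and proxies, and not a reliable CSRF defence on its own.
   */
  function checkurl() { //检查来路
      $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
      $host    = isset($_SERVER['HTTP_HOST'])    ? $_SERVER['HTTP_HOST']    : '';

      // null when the URL has no host component, false when unparsable.
      $refHost = parse_url($referer, PHP_URL_HOST);
      // Keep only the name part of HTTP_HOST, as the original ([^:]+) did.
      $ownHost = preg_replace('/:.*$/', '', $host);

      // A missing or unparsable Referer is treated as foreign - TODO confirm
      // this is the intended policy for direct navigation.
      if (!is_string($refHost) || strcasecmp($refHost, $ownHost) !== 0) {
          header("location: http://s.glzy8.com");
          exit();
      }
  }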

  //调用

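  checkurl();
  // The original read $_get (not a superglobal) and then passed an undefined
  // $sql_str to inject_check(), so nothing was ever filtered. Read the real
  // $_GET with a default and keep the filtered value.
  $str = isset($_GET['url']) ? $_GET['url'] : '';
  $str = inject_check($str);//这条可以在获取参数时执行操作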