php 防注入与字符反过滤代码
好了为php开发者提供了一款php sql 防注入与字符过滤以及各种过滤代码,实例如下:
-
-
-
-
-
- function inject_check($sql_str){
- if (eregi('select|insert|update|delete|union|into|load_file|outfile', $sql_str)){echo "<script language=javascript>alert('你提交的数据非法,请检查后重新提交!');</script>";exit;}
- return $sql_str;
- }
-
- function safe_convert($string){
- if(get_magic_quotes_gpc()){
- $string=htmlspecialchars($string, ENT_QUOTES);
- $string=str_replace("<","<",$string);
- $string=str_replace(">",">",$string);
- $string=str_replace("\", '\', $string);
- } else {
- $string=addslashes($string);
- $string=str_replace("\\", '\', $string);
- }
-
-
- $string=str_replace("t"," ",$string);
- $string=str_replace(" "," ",$string);
-
- $string=str_replace("&#96;","`",$string);
- $string=str_replace("&#92;","\",$string);
- return $string;
- }
-
- function unsafe_convert($string){
- $string=str_replace("\"",""",$string);
- return $string;
- }
-
-
- function filter($string){
- include("Filter.php");
- foreach($badwords as $badword){
- if(stristr($string,$badword)==true){echo "<script language=javascript>alert('警告:你提交的内容含有敏感字眼,请更换内容。');</script>";exit;}
- }
- return $string;
- }