PHP: filtering special characters and anti-SQL-injection code
[code]
<?php
// Method one: escape ' " \ and NUL with addslashes() before building the SQL string
// $value = addslashes($value);

// Method two: strip on*= event-handler attributes and blank out SQL keywords
// (patterns and replacement list reconstructed from the garbled original)
function php_sava($str)
{
    $farr = array(
        "/\s+/",                               // runs of whitespace
        "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/i",  // on...= handler inside a tag
    );
    $tarr = array(
        " ",
        "\\1\\2",                              // keep the tag, drop the handler
    );
    $str = preg_replace($farr, $tarr, $str);
    // Blank out SQL keywords. str_replace is case-sensitive, so only this exact
    // spelling is removed. Some entries of the original list were lost in extraction.
    $str = str_replace("execute", "", $str);
    $str = str_replace("mid", "", $str);
    $str = str_replace("select", "", $str);
    $str = str_replace("'", "", $str);
    //echo $str;
    return $str;
}

// Run the filter over every POSTed field
foreach ($_POST as $key => $value)
{
    $_POST[$key] = php_sava($value);
}
?>
[/code]
Use:
Copy the code above into a new file, sqlin.php, and include it from any page that receives GET or POST data.
Principle:
Replace every SQL keyword with an empty string. Note that str_replace is case-sensitive, so the same keyword in a different case is left alone, and deleting a keyword also alters legitimate values that happen to contain it; binding values as query parameters (prepared statements) avoids both problems.
This code is not used in the message book. If you want to use it in the message book, use the following replacements instead:
[code]
// Message-book variant: remove the keyword, or encode its first letter as an
// HTML entity so it no longer reads as SQL but still displays as typed.
$str = str_replace("and", "", $str);
$str = str_replace("update", "&#117;pdate", $str);
$str = str_replace("master", "&#109;aster", $str);
$str = str_replace("select", "&#115;elect", $str);
$str = str_replace("insert", "&#105;nsert", $str);
// Two further replacements and the final one for the single quote (')
// are truncated in the source and are not reproduced here.
[/code]
Reference: addslashes
string addslashes(string $str)
Returns the string with a backslash added before the characters that must be escaped in database query statements: the single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).
A typical use of addslashes() is when inserting data into a database. For example, inserting the name O'reilly requires the quote to be escaped; most databases use the backslash as the escape character, giving O\'reilly, so the value can be stored without the quote breaking the statement. When the PHP directive magic_quotes_sybase is set to On, the single quote is instead escaped by doubling it (').
By default the PHP directive magic_quotes_gpc is On, which in effect runs addslashes() automatically on all GET, POST and COOKIE data. Do not call addslashes() on strings that magic_quotes_gpc has already escaped, because that double-escapes them; use get_magic_quotes_gpc() to check first.
get_magic_quotes_gpc()
Returns the value of the magic_quotes_gpc setting (GPC = Get/Post/Cookie) in the PHP configuration: 0 means the option is off, 1 means it is on. When magic_quotes_gpc is on, every ' (single quote), " (double quote), \ (backslash) and NUL character is automatically turned into an escape sequence prefixed with a backslash.
addslashes and stripslashes are easy to confuse when handling database strings in PHP, but the names are self-explanatory once broken down: add means add, strip means remove, and slashes is the plural of slash. addslashes therefore adds slashes: special characters such as " and ' cause problems when written to the database, so a backslash is placed before them to tell the database they are part of the string. stripslashes does the reverse and removes the slashes again.
htmlspecialchars converts a small set of special characters into HTML entities; a typical use is a message board that displays text submitted by visitors.
The characters it converts are limited to the following:
& -> &amp;
" -> &quot;
(plus < -> &lt; and > -> &gt;, and ' -> &#039; when ENT_QUOTES is passed)
htmlentities, by contrast, lets nothing through: it converts every character that has an entity equivalent, including Chinese text, so the Chinese part of the output comes out as a mess.
htmlspecialchars_decode is the reverse of htmlspecialchars: it converts the HTML entities back into characters.
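As an added example (not code from the original article), this is how a sqlin.php-style include looks once the keyword blacklist is replaced by escaping each value exactly once and binding it as a query parameter, with htmlspecialchars reserved for the HTML output context; it assumes a mysqli connection in $mysqli and a table named guestbook, both placeholders.

```php
<?php
// Added example (not from the original article). Assumes a mysqli
// connection in $mysqli and a table guestbook(name, message): placeholders.

// Undo magic_quotes_gpc escaping so each value is escaped exactly once,
// by the prepared statement below. get_magic_quotes_gpc() was removed in
// PHP 8, hence the function_exists() guard.
function strip_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('strip_magic_quotes', $value);
    }
    return stripslashes($value);
}

if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_GET    = strip_magic_quotes($_GET);
    $_POST   = strip_magic_quotes($_POST);
    $_COOKIE = strip_magic_quotes($_COOKIE);
}

// SQL context: bind the raw value instead of blanking out keywords, so a
// name such as O'reilly or Sandy (which contains "and") is stored as typed.
function save_message(mysqli $mysqli, $name, $message)
{
    $stmt = $mysqli->prepare(
        "INSERT INTO guestbook (name, message) VALUES (?, ?)"
    );
    $stmt->bind_param("ss", $name, $message);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// HTML context: escape on output. ENT_QUOTES covers single quotes too, and
// the explicit charset keeps multibyte text (e.g. Chinese) intact.
function html_out($text)
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

if (isset($_POST['name'], $_POST['message'])) {
    save_message($mysqli, $_POST['name'], $_POST['message']);
    echo '<p>' . html_out($_POST['name']) . ' wrote: '
       . html_out($_POST['message']) . '</p>';
}
?>
```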