过年前后在做一个抽奖的东西,需要用户填写中奖信息,为了防止非法用户对数据库进行入侵神马的,于是写下基本的防注入语句,需要用的可以自己封装成一个function。注意:这种关键字过滤只能作为辅助手段,并不能可靠地防止SQL注入,写入数据库时应当使用参数化查询(预处理语句)。
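// Strips a fixed list of SQL keywords and the characters ' " space = from $str.
//
// Security note: this blacklist is not a reliable defence against SQL injection.
//   - str_replace() is case-sensitive and makes one pass per token, in list order,
//     so it does not guarantee that the listed words are absent from the result.
//   - It damages legitimate data: any value containing "or", "and", "mid", ...
//     loses those letters, and every space is removed.
// The dependable control is to bind user input as parameters of a prepared
// statement, and to validate each field against its expected format (length,
// allowed characters) instead of deleting substrings.
//
// Constructed example (table and column names are placeholders):
//   $stmt = $pdo->prepare('INSERT INTO winners (name, phone) VALUES (?, ?)');
//   $stmt->execute([$name, $phone]);

// Tokens are removed in this order; passing an array to str_replace() applies
// them sequentially, exactly like one call per token.
$blockedTokens = array(
    "and", "execute", "update", "count", "chr", "mid", "master",
    "truncate", "char", "declare", "select", "create", "delete", "insert",
    "'",
    // The listing showed three consecutive double quotes here, which does not
    // parse as PHP; presumably the double-quote character was intended
    // (possibly an HTML entity in the author's original) - TODO confirm.
    '"',
    // The listing removed " " twice; a second pass over plain spaces removes
    // nothing, so it appears once here.
    " ",
    "or",
    "=",
);

$str = str_replace($blockedTokens, "", $str);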
大家有什么好的建议可以留言,感谢!!!