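Around the Lunar New Year I was building a prize-draw feature that requires users to fill in their winner details. To keep malicious users from breaking into the database and the like, I wrote down the basic anti-injection statements below; anyone who needs them can wrap them in a function.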
// Strip SQL keywords from the user input.
// str_replace() is case-sensitive and makes a single pass per call.
$str = str_replace("and","",$str);
$str = str_replace("execute","",$str);
$str = str_replace("update","",$str);
$str = str_replace("count","",$str);
$str = str_replace("chr","",$str);
$str = str_replace("mid","",$str);
$str = str_replace("master","",$str);
$str = str_replace("truncate","",$str);
$str = str_replace("char","",$str);
$str = str_replace("declare","",$str);
$str = str_replace("select","",$str);
$str = str_replace("create","",$str);
$str = str_replace("delete","",$str);
$str = str_replace("insert","",$str);
// Strip quote characters and spaces.
$str = str_replace("'","",$str);
$str = str_replace("\"","",$str);
$str = str_replace(" ","",$str);
// Strip "or" and the equals sign, then spaces once more.
$str = str_replace("or","",$str);
$str = str_replace("=","",$str);
$str = str_replace(" ","",$str);
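An added example, not the original author's code: it wraps the statements above in a function (hypothetical name `strip_keywords`), runs it on constructed winner details to show what the replacements do to ordinary input, and then stores the same details with a PDO prepared statement. The `winners` table, its columns and the in-memory SQLite database are assumptions made for the demonstration.

```php
<?php
// Added example. Function names, table and columns are hypothetical.

// The post's replacements, in the same order, wrapped in a function.
function strip_keywords(string $str): string
{
    $blocked = ["and", "execute", "update", "count", "chr", "mid", "master",
                "truncate", "char", "declare", "select", "create", "delete",
                "insert", "'", "\"", " ", "or", "=", " "];
    foreach ($blocked as $word) {
        $str = str_replace($word, "", $str); // case-sensitive, one pass per word
    }
    return $str;
}

// Store a winner with bound parameters: the values travel separately from
// the SQL text, so the database never parses them as SQL.
function save_winner(PDO $db, string $name, string $address): void
{
    $stmt = $db->prepare(
        "INSERT INTO winners (name, address) VALUES (:name, :address)"
    );
    $stmt->execute([":name" => $name, ":address" => $address]);
}

// Constructed sample input: ordinary winner details.
$name    = "Sandy O'Connor";
$address = "12 Midland Road, Portland";

// 1. The filter removes letters from inside ordinary words and all spaces,
//    so the stored name and address no longer match what the user typed.
echo "filtered name:    ", strip_keywords($name), "\n";
echo "filtered address: ", strip_keywords($address), "\n";

// 2. An upper-case keyword is not matched by the lower-case list.
echo "filtered keyword: ", strip_keywords("SELECT"), "\n";

// 3. With bound parameters no filtering is needed and the data stays intact.
$db = new PDO("sqlite::memory:"); // assumption: pdo_sqlite is available
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE winners (name TEXT, address TEXT)");
save_winner($db, $name, $address);

$row = $db->query("SELECT name, address FROM winners")->fetch(PDO::FETCH_ASSOC);
echo "stored name:      ", $row["name"], "\n";
echo "stored address:   ", $row["address"], "\n";
```

With another database the only change is the DSN passed to `new PDO(...)`; `save_winner()` stays the same.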
If you have any good suggestions, please leave a comment. Thanks!!!