PHPMySQL: Preventing SQL Injection (Code Snippet)
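<?php
/*************************
Description:
Checks whether the submitted variables (e.g. $_POST, $_GET)
contain illegal characters.
Purpose: injection prevention
*************************/

// Illegal characters and keywords to filter
$ArrFiltrate=array("'","%","#","<",">","or","and","union","where","select","update","chr","delete","%20from",";","insert","mid","master","set","chr(37)","iframe","script","javascript","vbscript","exec");

// URL to redirect to on error; if empty, defaults to the previous page
$StrGoUrl="Err.php";

// Encode a string as a JavaScript literal that is safe to echo inside <script>,
// so request data written to the debug output cannot break out of the string
function FunJsString($Str){
    return json_encode($Str, JSON_HEX_TAG|JSON_HEX_AMP|JSON_HEX_APOS|JSON_HEX_QUOT|JSON_INVALID_UTF8_SUBSTITUTE);
}

// Returns true if the value contains any entry of the filter array
function FunStringExist($StrFiltrate,$ArrFiltrate){
    // Array parameters (e.g. name[]=x) are checked element by element
    if (is_array($StrFiltrate)){
        foreach ($StrFiltrate as $item){
            if (FunStringExist($item,$ArrFiltrate)){
                return true;
            }
        }
        return false;
    }
    foreach ($ArrFiltrate as $key=>$value){
        echo "<script language='javascript'>console.log(".FunJsString("正在判斷表單 ".$StrFiltrate." 的值中是否存在".$value."子串").")</script>";
        // Case-insensitive match, so "SELECT" is caught as well as "select"
        if (stripos($StrFiltrate,$value)!==false){
            return true;
        }
    }
    return false;
}

// Collect $_POST and $_GET as separate entries, so that a key present in both
// has both of its values checked instead of one overwriting the other
$ArrPostAndGet=array();
foreach($_POST as $key=>$value){
    $ArrPostAndGet[]=array($key,$value);
}
foreach($_GET as $key=>$value){
    $ArrPostAndGet[]=array($key,$value);
}

// Start validation
foreach($ArrPostAndGet as $Pair){
    list($key,$value)=$Pair;
    echo "<script language='javascript'>console.log(".FunJsString("正在檢驗表單 ".$key." 的值").")</script>";
    if (FunStringExist($value,$ArrFiltrate)){
        echo "<script language='javascript'>alert(".FunJsString("出錯了!表單 ".$key." 的值中包含非法字符串!\n\n請不要在表單中出現: % & * # ( ) 等非法字符!").");</script>";
        if (empty($StrGoUrl)){
            echo "<script language='javascript'>history.go(-1);</script>";
        }else{
            echo "<script language='javascript'>window.location='".$StrGoUrl."';</script>";
        }
        exit;
    }
}
/*************** End of PHP injection prevention *****************/
?>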
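The filter above rejects input by keyword, which also blocks legitimate values such as O'Brien (a quote) or Gordon (contains "or"). As an added example that is not part of the original snippet, the same kinds of input are passed through a PDO prepared statement, where the value is bound as data rather than concatenated into the SQL text. The users table, find_user, parse_id and the sample rows are constructed, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example: table, function names and sample rows are constructed.
// SQLite in-memory stands in for MySQL (requires the pdo_sqlite extension).
// With MySQL only the DSN changes; there, also set PDO::ATTR_EMULATE_PREPARES
// to false so parameters are sent to the server separately from the SQL text.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, email TEXT NOT NULL)');
$insert = $pdo->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
foreach ([["O'Brien", 'obrien@example.test'], ['Gordon', 'gordon@example.test']] as [$n, $e]) {
    $insert->execute([':name' => $n, ':email' => $e]);
}

// Look up a user by name. The value is bound as a parameter and never
// becomes part of the SQL text, whatever characters it contains.
function find_user(PDO $pdo, string $name): array {
    $stmt = $pdo->prepare('SELECT id, name, email FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Where the expected shape is known, validate by type instead of by keyword:
// an id must be a positive integer, anything else is rejected (null).
function parse_id($raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed inputs: two legitimate names the keyword filter would reject,
// and one value containing SQL syntax, which is compared as a plain string.
$samples = ["O'Brien", 'Gordon', "x' OR '1'='1"];
foreach ($samples as $name) {
    printf("%-16s -> %d row(s)\n", $name, count(find_user($pdo, $name)));
}

// Type validation for numeric parameters
var_dump(parse_id('42'), parse_id('42 OR 1=1'));
```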
Reference articles
https://www.cnblogs.com/syx9527/p/3988472.html
https://zixuephp.net/article-130.html