PHP防sql注入
<本文原载于www.forasp.cn>
关键词: php 防注入 sql, 注入 ,防注入函数 ,php防注入
function htmldecode($str)
{
if(empty($str)) return;
if($str=="") return $str;
$str = strip_tags($str);
$str=delcode($str);
return $str;
}
function delcode($str)
{
if(empty($str)) return;
if($str=="") return $str;
$str=str_replace("&","&",$str);
$str=str_replace(">",">",$str);
$str=str_replace("<","<",$str);
$str=str_replace(chr(32)," ",$str);
$str=str_replace(chr(9)," ",$str);
// $str=str_replace("    ",chr(9),$str);
$str=str_replace(chr(34),"&",$str);
$str=str_replace(chr(39),"'",$str);
$str=str_replace(chr(13),"<br />",$str);
$str=str_replace("'","''",$str);
$str=str_replace("select","select",$str);
$str=str_replace("join","join",$str);
$str=str_replace("union","union",$str);
$str=str_replace("where","where",$str);
$str=str_replace("insert","insert",$str);
$str=str_replace("delete","delete",$str);
$str=str_replace("update","update",$str);
$str=str_replace("like","like",$str);
$str=str_replace("drop","drop",$str);
$str=str_replace("create","create",$str);
$str=str_replace("modify","modify",$str);
$str=str_replace("rename","rename",$str);
$str=str_replace("alter","alter",$str);
$str=str_replace("cast","cas",$str);
$str=str_replace("or","os",$str);
return $str;
}
<%77w%77%2Ef%6F%72p%73%70%2Ec%6E>