php教程 防止sql注入代碼
*/
function inject_check($sql_str) { //防止注入
$check = eregi('select|insert|update|delete|'|/*|*|../|./|union|into|load_file|outfile', $sql_str);
if ($check) {
echo "輸入非法注入內容!";
exit ();
} else {
return $sql_str;
}
}
function checkurl() { //檢查來路
if (preg_replace("/https教程?://([^:/]+).*/i", "1", $_server['http_referer']) !== preg_replace("/([^:]+).*/", "1", $_server['http_host'])) {
header("location: http://www.zhutiai.com");
exit();
}
}
//調用
checkurl();
$str = $_get['url'];
inject_check($sql_str);//這條可以在獲取參數時執行操作
