mysql_real_escape_string方法(注意:mysql_* 扩展自 PHP 5.5 起已弃用,并在 PHP 7.0 中移除;新代码应使用 PDO 或 mysqli 的预处理语句来绑定参数)
http://www.w3school.com.cn/php/func_mysql_real_escape_string.asp
//过滤REQUEST串
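/**
 * Reject the request when any $_REQUEST value contains a listed SQL keyword.
 *
 * Every string value in $_REQUEST, including strings nested inside array
 * parameters, is lower-cased and searched for each entry of the keyword
 * list. On the first hit the function prints an error message and ends the
 * script; when nothing matches it returns normally.
 *
 * NOTE(review): a keyword blacklist is a coarse input filter, not a defence
 * against SQL injection. It rejects ordinary text that happens to contain
 * these words and matches only the exact spellings listed below. Statements
 * that use request data should bind it through prepared statements (PDO or
 * mysqli) whether or not this check has run.
 *
 * @return void
 */
function checkurl()
{
    // Each keyword is matched together with the spaces written around it.
    $words = array(
        " add ",
        " count ",
        " create ",
        " delete ",
        " drop ",
        " from ",
        " grant ",
        " insert ",
        " select ",
        " truncate ",
        " update ",
        " use ",
        "-- ",
    );

    // Walk $_REQUEST with an explicit stack so array-valued parameters are
    // inspected element by element. Passing an array straight to
    // strtolower() raises a TypeError on PHP 8 and yields null (so the
    // value is never checked) on older versions.
    $pending = array($_REQUEST);
    while ($pending) {
        $value = array_pop($pending);

        if (is_array($value)) {
            foreach ($value as $child) {
                $pending[] = $child;
            }
            continue;
        }

        // Request values arrive as strings or arrays; anything else has
        // no text to search.
        if (!is_string($value)) {
            continue;
        }

        $lowered = strtolower($value);
        foreach ($words as $word) {
            // strpos() with !== false tests containment without relying
            // on the truthiness of a returned substring.
            if (strpos($lowered, $word) !== false) {
                echo "您输入的内容含有非法字符!";
                exit;
            }
        }
    }
}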
checkurl();// ends the script if a request value contains one of the listed SQL keywords
防止sql注入