php SQL防注入代码集合

　　SQL防注入代码一
复制代码 代码如下:
<?php
/**
* 防sql注入
* */
/**
* reject sql inject
*/
if (!function_exists (quote))
{
function quote($var)
{
if (strlen($var))
{
$var=!get_magic_quotes_gpc() ? $var : stripslashes($var);
$var = str_replace(,\,$var);
}
return $var;
}
}
if (!function_exists (hash_num)){
function hash_num($input)
{
$hash = 5381;
for ($i = 0; $i < strlen($str); $i++)
{
$c = ord($str{$i});
$hash = (($hash << 5) + $hash) + $c;
}
return $hash;
}
}
/**************** end *************************/
?>


复制代码 代码如下:
<?php
/**
* 防sql测试代码
CREATE TABLE IF NOT EXISTS `tb` (
`id` int(10) unsigned NOT NULL auto_increment,
`age` tinyint(3) unsigned NOT NULL,
`name` char(100) NOT NULL,
`note` text NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 ;
**/
include_once(common.php);
var_dump(hash_num(dddd));
if(empty($_GET))
{
$_GET = array(age=>99,name=>a\b\\\c;,note=>ab\\nc#);
}
$age = (int)$_GET[age];
$name = quote($_GET[name]);
$note = quote($_GET[note]);
$sql = INSERT INTO `tb` ( `age`, `name`, `note`) VALUES
( $age, $name, $note);
var_dump($sql);
?>

PHP 防止sql注入函数代码二：
复制代码 代码如下:
<?php
$magic_quotes_gpc = get_magic_quotes_gpc();
@extract(daddslashes($_COOKIE));
@extract(daddslashes($_POST));
@extract(daddslashes($_GET));
if(!$magic_quotes_gpc) {
$_FILES = daddslashes($_FILES);
}

function daddslashes($string, $force = 0) {
if(!$GLOBALS[magic_quotes_gpc] $force) {
if(is_array($string)) {
foreach($string as $key => $val) {
$string[$key] = daddslashes($val, $force);
}
} else {
$string = addslashes($string);
}
}
return $string;
}
?>

php 防止sql注入代码三
复制代码 代码如下:
function inject_check($sql_str) { //防止注入
$check = eregi(selectinsertupdatedelete/**.././unionintoload_fileoutfile, $sql_str);
if ($check) {
echo 输入非法注入内容！;
exit ();
} else {
return $sql_str;
}
}
function checkurl() { //检查来路
if (preg_replace(/https教程?://([^:/]+).*/i, 1, $_server[http_referer]) !== preg_replace(/([^:]+).*/, 1, $_server[http_host])) {
header(location:
exit();
}
}
//调用
checkurl();
$str = $_get[url];
inject_check($sql_str);//这条可以在获取参数时执行操作