标签:for 过滤 int where sql注入 param and turn blog
替换掉sql关键字,进行处理
function sqlCheck($parameter){ $arr = array(); foreach($parameter as $k=>$v){ $arr[$k] = sprintf("%s",preg_replace(‘/\b(=|<|>|and|or|;|where|from|not|HAVING|select)\b/im‘,‘‘,$v)); } return $arr; } $_GET = sqlCheck($_GET); $_POST = sqlCheck($_POST); $_REQUEST = sqlCheck($_REQUEST);
标签:for 过滤 int where sql注入 param and turn blog
原文地址:http://www.cnblogs.com/gggzly/p/6033598.html
