sql防注入代码

时间:2024-05-21 14:34:20
function defend_sql($string, $force = 1) {

    $preg = "select|insert|and|or|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile";

    if(!get_magic_quotes_gpc() || $force) {

        if(is_array($string)) {

            foreach($string as $key => $val) {

                $string[$key] = daddslashes($val, $force);

            }

        } else {

             if (preg_match("/".$preg."/is",$string) == 1){

                $string = preg_replace("/".$preg."/is","",$string);

            }

            $string = addslashes($string);

        }

    }

    return $string;

}

  

相关文章