php 防注入与字符反过滤代码

下面为 PHP 开发者提供一组 PHP SQL 防注入、字符过滤及其他过滤代码,实例如下:

  1. //==防注入自动过滤[启用后程序效率低]==
  2. /*
  3. function inject_checks($sql_str){return eregi('select|insert|update|delete|'|/*|*|../|./|union|into|load_file|outfile', $sql_str);}
  4. foreach ($_REQUEST as $value){if (inject_checks($value)){echo "<script language=javascript>alert('你提交的数据非法,请检查后重新提交!');</script>";exit;}}
  5. */
  6. //==防注[inject_check($sql_str)]==========================================================================================
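  /**
   * Reject a value that contains one of a fixed set of SQL keywords.
   *
   * The value is matched case-insensitively against the keyword alternation
   * below. On a match the function prints a JavaScript alert and terminates
   * the script; otherwise the value is returned unchanged.
   *
   * This is a keyword blacklist, not an escaping routine: the returned string
   * is byte-for-byte what was passed in, so it still has to be bound through a
   * prepared statement before it reaches a query. Quotes, comment markers and
   * other SQL syntax are not examined here, and ordinary text that happens to
   * contain a listed word (for example "update" or "into") is rejected.
   *
   * @param string $sql_str Value to inspect, e.g. a request parameter.
   * @return string The unmodified input when no keyword is found.
   */
  function inject_check($sql_str){
      // eregi() was removed in PHP 7.0; preg_match() with the /i modifier is
      // the case-insensitive equivalent for this plain alternation.
      $verdict = preg_match('/select|insert|update|delete|union|into|load_file|outfile/i', $sql_str);

      // Only an explicit "no match" (0) lets the value through, so a PCRE
      // error (false) is treated as a rejection rather than a pass.
      if ($verdict !== 0) {
          echo "<script language=javascript>alert('你提交的数据非法,请检查后重新提交!');</script>";
          exit;
      }

      return $sql_str;
  }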
  11. //==字符过滤[safe_convert($string)]==============================================================================
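  /**
   * Encode a submitted string as HTML text.
   *
   * Steps, in order: add slashes unless the runtime already did so through
   * magic quotes, HTML-encode with htmlspecialchars(ENT_QUOTES), rewrite every
   * backslash to the entity &#92;, turn a tab into two &nbsp; and a space into
   * " &nbsp;", then restore &#96; and &#92; entities that the HTML-encoding
   * step turned into &amp;#96; / &amp;#92;.
   *
   * Both configurations now produce the same HTML-encoded output. Previously
   * only the magic-quotes path called htmlspecialchars(), so with magic quotes
   * off "<", ">" and quotes were returned unencoded.
   *
   * The result is meant for an HTML text context only. The slashes added by
   * addslashes() are themselves rewritten to &#92;, so the output carries no
   * SQL escaping; bind it as a query parameter. Encoding the result again on
   * output will double-encode it.
   *
   * @param string $string Raw submitted text.
   * @return string HTML-encoded text.
   */
  function safe_convert($string){
      // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() in
      // PHP 8.0; the version test short-circuits so the removed function is
      // never called on a runtime where it cannot return true.
      $alreadySlashed = PHP_VERSION_ID < 50400 && get_magic_quotes_gpc();
      if (!$alreadySlashed) {
          $string = addslashes($string);
      }

      // Encodes & < > " ' ; the separate "<" / ">" replacements that followed
      // this call in the original were no-ops and are dropped.
      $string = htmlspecialchars($string, ENT_QUOTES);

      // The listing had lost the escape here ("\" does not even parse).
      $string = str_replace("\\", '&#92;', $string);

      // The listing replaced the letter "t"; a tab character is what is meant.
      $string = str_replace("\t", "&nbsp;&nbsp;", $string);
      $string = str_replace(" ", " &nbsp;", $string);

      // Let backtick / backslash entities typed by the user survive encoding.
      $string = str_replace("&amp;#96;", "&#96;", $string);
      $string = str_replace("&amp;#92;", "&#92;", $string);

      return $string;
  }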
  31. //==字符反过滤[unsafe_convert($string)]==============================================================================
  /**
   * Strip the backslash entity that precedes an encoded double quote.
   *
   * Every occurrence of "&#92;&quot;" becomes "&quot;". Nothing else is
   * decoded, so the returned text is still entity-encoded.
   * Presumably the counterpart of safe_convert() for double quotes; verify
   * against callers.
   *
   * @param string $string Text to adjust.
   * @return string Text with "&#92;&quot;" collapsed to "&quot;".
   */
  function unsafe_convert($string){
      $slashedQuote = "&#92;&quot;";
      $bareQuote    = "&quot;";

      return str_replace($slashedQuote, $bareQuote, $string);
  }
  36. //==字符过滤[filter($string)]============================================================================================
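  /**
   * Block a submission that contains a term from the banned-word list.
   *
   * Filter.php is included on every call and is expected to define $badwords.
   * The string is searched for each term case-insensitively. On the first hit
   * the function prints a JavaScript alert and terminates the script;
   * otherwise the string is returned unchanged.
   *
   * This is a content filter only: the returned text is not escaped for HTML
   * or SQL.
   *
   * @param string $string Submitted text.
   * @return string The unmodified input when no banned term is found.
   */
  function filter($string){
      // Resolved through include_path / the working directory, as written.
      include("Filter.php"); // banned-word list

      // NOTE(review): when the list is missing or not an array the text passes
      // unfiltered, as it did before (then with PHP warnings); decide whether
      // this should reject instead.
      if (!isset($badwords) || !is_array($badwords)) {
          return $string;
      }

      foreach ($badwords as $badword) {
          $needle = (string) $badword;

          // An empty entry would match every input on PHP 8; skip it.
          if ($needle === '') {
              continue;
          }

          // stripos() !== false replaces `stristr(...) == true`, which missed
          // a hit whose remainder was the falsy string "0".
          if (stripos($string, $needle) !== false) {
              echo "<script language=javascript>alert('警告:你提交的内容含有敏感字眼,请更换内容。');</script>";
              exit;
          }
      }

      return $string;
  }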