自定义防SQL注入函数

时间：2014-06-26 18:22:50 收藏：0 阅读：255
　　/************************************************
    *SQL防注入函数
    *@time 2014年6月24日18:50:59
    *
    */
    public function safe_replace($string){
        $string = str_replace(‘%20‘,‘‘,$string);
        $string = str_replace(‘%27‘,‘‘,$string);
        $string = str_replace(‘%2527‘,‘‘,$string);
        $string = str_replace(‘*‘,‘‘,$string);
        $string = str_replace(‘"‘,‘&quot;‘,$string);
        $string = str_replace("‘",‘‘,$string);
        $string = str_replace(‘"‘,‘‘,$string);
        $string = str_replace(‘;‘,‘‘,$string);
        $string = str_replace(‘<‘,‘&lt;‘,$string);
        $string = str_replace(‘>‘,‘&gt;‘,$string);
        $string = str_replace("{",‘‘,$string);
        $string = str_replace(‘}‘,‘‘,$string);
        $string = str_replace("or","",$string);
        $string = str_replace("=","",$string);
        $string = str_replace("and","",$string);
        $string = str_replace("execute","",$string);
        $string = str_replace("update","",$string);
        $string = str_replace("count","",$string);
        $string = str_replace("chr","",$string);
        $string = str_replace("mid","",$string);
        $string = str_replace("master","",$string);
        $string = str_replace("truncate","",$string);
        $string = str_replace("char","",$string);
        $string = str_replace("declare","",$string);
        $string = str_replace("select","",$string);
        $string = str_replace("create","",$string);
        $string = str_replace("delete","",$string);
        $string = str_replace("insert","",$string);
        return $string;
    }
自定义防SQL注入函数,布布扣,bubuko.com