php¶Ôsql injectionµÄ·À·¶

¶Ôhttp request¹ýÀ´µÄÊý¾Ý£¬·²ÊǺ¬Óе¥ÒýºÅ£¬Ë«ÒýºÅ£¬·´Ð±Ïߵȶ¼½øÐмÓбÏß´¦Àí¡£·ÀÖ¹½øÐÐ×¢Èë²Ù×÷¡£
/*
¶ÂSQL©¶´
*/
function quotes($content){

//Èç¹ûmagic_quotes_gpc=Off£¬ÄÇô¾Í¿ªÊ¼´¦Àí
if (!get_magic_quotes_gpc()) {
//ÅжÏ$contentÊÇ·ñΪÊý×é
if (is_array($content)) {
//Èç¹û$contentÊÇÊý×飬ÄÇô¾Í´¦ÀíËüµÄÿһ¸öµ¥ÎÞ
foreach ($content as $key=>$value) {
$content[$key] = mysql_real_escape_string($value);
}
} else {
//Èç¹û$content²»ÊÇÊý×飬ÄÇô¾Í½ö´¦ÀíÒ»´Î
$content = mysql_real_escape_string($content);
}

}
//·µ»Ø$content
return $content;
}
µ±´«µÝ¹ýÀ´µÄ²ÎÊýÊÇÒ»¸öidµÄ»°¡£ÄÇôÎÒÃÇ¿ÉÒÔÖ±½ÓÓà $id = intval($_GET('id'));½øÐÐintÐÍ´¦Àí£¨ÓÃsettypeÒ²ÐУ©¡£
ÍøÉÏÒ²ÓÐÈËÊǶÔÆä¹Ø¼ü×Ö¹ýÂ˽øÐд¦ÀíµÄ£¬È磺
function inject_check($sql_str){
return eregi('select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile', $sql_str); // ½øÐйýÂË
}
ÎÒ¾õµÃ´Ë·½·¨²»¿ÉÈ¡ÊÇÒòΪÎÒÔÚÒ»¸ö´óµÄÊäÈë¿òÀïPOST¹ýÀ´µÄÊý¾Ý»ò¶à»òÉÙ¶¼°üº¬ÕâЩ¹Ø¼ü×Ö£¬ÄѵÀɱһÙÓ°Ù£¿ËäÈ»ÕâÑù¸ü°²È«£¬µ«²»·½±ã¡£
ËùÒÔÎÒ²ÉÓÃÉÏÒ»¸ö·½·¨£¬Èç¹ûÉÏÒ»¸ö·½·¨ÓÐÉÏÃæ²»ºÃÖ®´¦»òÕßÒÉÎÊ£¬¿ÉÒÔÁôÑÔÌÖÂÛ¡££º£©