如何解决PHP SQL Server安全性方法-哪个更好?
我正在学习PHP,并想问一下这两种不同方法中哪一种在sql Server安全性方面更好?假设它将用于登录表单。
功能#1
function SanitizeInput($in,$len = 20)
{
return substr(preg_replace("/[^a-zA-Z0-9_]/","",htmlspecialchars(htmlentities(strip_tags($in)))),$len);
}
用法:
$ username = $ thisDB-> SanitizeInput($ _ POST ['username']);
功能#2&3
function security($text) {
$text = trim($text);
$search = array('','',',');
$replace = array('C','c','G','g','i','I','O','o','S','s','U','u');
$new_text = str_replace($search,$replace,$text);
return $new_text;
}
function sqlSecurity($text) {
$text = trim(htmlspecialchars($text));
$search = array("'",'"',"TruncATE","truncate","UPDATE","update","SELECT","select","DROP","drop","DELETE","delete","WHERE","where","EXEC","exec","INSERT INTO","insert into","PROCEDURE","procedure","--");
$replace = array("","");
$new_text = str_replace($search,$text);
return $new_text;
}
用法:
$ username = $ thisDB-> sqlSecurity($ thisDB-> security($ _ POST ['username']));
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
