/************************************************
*SQL防注入函数
*@time 2014年6月24日18:50:59
*
*/
public function safe_replace($string){
$string = str_replace('%20','',$string);
$string = str_replace('%27','',$string);
$string = str_replace('%2527','',$string);
$string = str_replace('*','',$string);
$string = str_replace('"','"',$string);
$string = str_replace("'",'',$string);
$string = str_replace('"','',$string);
$string = str_replace(';','',$string);
$string = str_replace('<','&lt;',$string);
$string = str_replace('>','&gt;',$string);
$string = str_replace("{",'',$string);
$string = str_replace('}','',$string);
$string = str_replace("or","",$string);
$string = str_replace("=","",$string);
$string = str_replace("and","",$string);
$string = str_replace("execute","",$string);
$string = str_replace("update","",$string);
$string = str_replace("count","",$string);
$string = str_replace("chr","",$string);
$string = str_replace("mid","",$string);
$string = str_replace("master","",$string);
$string = str_replace("truncate","",$string);
$string = str_replace("char","",$string);
$string = str_replace("declare","",$string);
$string = str_replace("select","",$string);
$string = str_replace("create","",$string);
$string = str_replace("delete","",$string);
$string = str_replace("insert","",$string);
return $string;
}
05-11 19:24