/**********************
Powered by Lovegn(http://www.mycodes.net)
Written On 2010.3.12
*************************/
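// Denylist of characters and keywords treated as SQL-injection indicators.
// Each entry is matched as a literal, case-insensitive substring; extend as needed.
// NOTE(review): a keyword denylist is only a coarse extra layer. It rejects
// legitimate input that contains an apostrophe or semicolon, and it does not
// replace parameterized queries in the code that actually builds the SQL.
$ArrFilter = array("'", ";", "union");

// URL to send the client to after a blocked request; leave empty to fall back
// to the previous page.
$StrGoUrl = "";

/**
 * Report whether a request value contains any denylisted string.
 *
 * @param mixed $StrFilter Value to inspect. Arrays (for example from "name[]"
 *                         style parameters) are searched recursively.
 * @param array $ArrFilter Literal strings to look for, compared case-insensitively.
 * @return bool True when any entry of $ArrFilter occurs in $StrFilter.
 */
function DangerStringExist($StrFilter, $ArrFilter)
{
    // Request parameters can arrive as nested arrays; walk every leaf value.
    if (is_array($StrFilter)) {
        foreach ($StrFilter as $item) {
            if (DangerStringExist($item, $ArrFilter)) {
                return true;
            }
        }
        return false;
    }

    $haystack = (string) $StrFilter;
    foreach ($ArrFilter as $needle) {
        $needle = (string) $needle;
        // stripos() replaces eregi(), which was removed in PHP 7. Empty entries
        // are skipped because an empty needle matches everything or raises a warning.
        if ($needle !== '' && stripos($haystack, $needle) !== false) {
            return true;
        }
    }
    return false;
}

// Inspect the three request sources side by side instead of merging them:
// array_merge() keeps only the last value for a repeated string key, which
// would leave the earlier values uninspected.
$ArrGPC = array($_POST, $_GET, $_COOKIE);

if (DangerStringExist($ArrGPC, $ArrFilter)) {
    // NOTE(review): the three echo statements print empty strings as shown on
    // this page; whatever markup they originally emitted (notice / redirect)
    // appears to have been lost when the page was extracted. Confirm against
    // the original file before relying on the redirect behaviour.
    echo "";
    if (empty($StrGoUrl)) {
        echo "";
    } else {
        echo "";
    }
    exit;
}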
针对GPC注入的简单防注入代码,将上面代码保存为GPC_sql.php,然后在你想保护的文件头部include即可工作。