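if (!function_exists('sql_filter')) {
    /**
     * SQL parameter filtering: strips a fixed list of SQL-related tokens from a string.
     *
     * Matching is case-insensitive and is repeated until the string stops
     * changing, so mixed-case spellings and tokens that only appear once an
     * inner token has been removed are stripped as well.
     *
     * NOTE(security): this is a keyword denylist, not an injection defence.
     * It cannot make string-built SQL safe, and it also deletes these
     * substrings from legitimate text (entries such as 'drop', 'mid' and
     * 'chr' match inside ordinary words). Any value that reaches a query
     * should be passed as a bound parameter of a prepared statement; treat
     * this function as a legacy, best-effort scrub only.
     *
     * @param string $str Raw input value.
     * @return string The input with every listed token removed.
     */
    function sql_filter(string $str): string
    {
        // '%20' is listed with the keywords so a URL-encoded space is dropped in the same pass.
        $blocked = [
            'select ', 'insert ', 'update ', 'delete ', 'drop', 'truncate ',
            'declare', 'xp_cmdshell', '/add', ' or ', 'exec', 'create',
            'chr', 'mid', ' and ', 'execute', '%20',
        ];

        // A single pass can leave a listed token behind when removing one
        // match joins the text on either side of it. Every replacement is the
        // empty string, so each changing pass shortens $str and the loop ends.
        do {
            $before = $str;
            $str = str_ireplace($blocked, '', $str);
        } while ($str !== $before);

        return $str;
    }
}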