php防注入--sql

//防SQL注入function check_sql($word){$words = array();$words[] = "add";$words[] = "count";$words[] = "create";$words[] = "delete";$words[] = "drop";$words[] = "from";$words[] = "grant";$words[] = "insert";$words[] = "truncate";$words[] = "update";$words[] = "use";$words[] = "like";$words[] = "or";$words[] = "cas";$words[] = "rename";$words[] = "alter";$words[] = "modify";$words[] = "select";$words[] = "join";$words[] = "union";$words[] = "where";$words[] = "and";$words[] = "execute";    $words[] = "chr";  $words[] = "mid";    $words[] = "master";    $words[] = "truncate";    $words[] = "char";$w = strtolower($word);if(stristr($w,'--')){return '';}if(preg_match("/[\(\)=\'\"]/",$w)){foreach($words as $t){if(preg_match("/$t\b/",$w)){return '';}}}return $word;}