Nginx: preventing SQL injection


The most reliable way to prevent SQL injection is to filter all data submitted to the backend.

For simple cases, such as requests containing a single quote ('), a semicolon (;), < or >, the request can be sent straight to a 404 or error page with rewrite. One thing to know first: a rewrite regex only matches the URI of the page, that is, the part of the URL before the question mark; everything after the question mark is the request parameters. In nginx the part after the question mark is available as $query_string, and rewrite cannot match it, so it has to be checked with if.

For example, to match a request whose parameter contains a single quote and send it to the error page, such as

    /plus/list.php?tid=19&mid=1124'

writing a rewrite rule like

    rewrite "^.*([\;'\<\>]).*" /error.html break;

will never match correctly, because the rewrite regex is only applied to the requested URI, which here is the /plus/list.php part. Instead, check $query_string with if: if the query string contains one of the special characters, return 404.

    if ( $query_string ~* ".*[\;'\<\>].*" ) {
        return 404;
    }
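To show why the two rules behave differently, here is an added Python simulation (not nginx itself and not part of the original article) that splits a request target the way nginx does into the URI and the raw query string, then applies the character class above to each part. It assumes Python's re module behaves like nginx's PCRE for this simple class, and it also shows that a percent-encoded quote (%27) is not caught, because $query_string is the raw, undecoded argument string.

```python
import re
from urllib.parse import urlsplit

# The character class used by the page's rules: ; ' < >
SPECIALS = re.compile(r".*[;'<>].*", re.IGNORECASE)


def split_request(target: str):
    """Split a request target into what nginx exposes as $uri and $query_string.

    The rewrite regex is applied to the URI without arguments; $query_string
    is the raw part after '?', still percent-encoded.
    """
    parts = urlsplit(target)  # does not URL-decode anything
    return parts.path, parts.query


def rewrite_rule_matches(target: str) -> bool:
    """Simulates: rewrite "^.*([\\;'\\<\\>]).*" /error.html break;

    Only the URI part is tested, so a quote in the parameters is never seen.
    """
    uri, _ = split_request(target)
    return SPECIALS.match(uri) is not None


def if_rule_matches(target: str) -> bool:
    """Simulates: if ($query_string ~* ".*[\\;'\\<\\>].*") { return 404; }"""
    _, query_string = split_request(target)
    return SPECIALS.match(query_string) is not None


def decide(target: str) -> int:
    """HTTP status the simulated if-rule would produce for a request target."""
    return 404 if if_rule_matches(target) else 200


if __name__ == "__main__":
    # Constructed sample requests: the page's example, a clean one, an encoded one.
    for t in ("/plus/list.php?tid=19&mid=1124'",
              "/plus/list.php?tid=19&mid=1124",
              "/plus/list.php?tid=19&mid=1124%27"):
        print(f"{t!r}: rewrite={rewrite_rule_matches(t)} "
              f"if={if_rule_matches(t)} status={decide(t)}")
```

The last sample passes the filter untouched, which is why this blocklist is a first line of defence only and parameterised queries in the backend remain necessary.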
