php防止sql注入漏洞代码

<?php//Code By Safefunction customError($errno, $errstr, $errfile, $errline){  echo "<b>Error number:</b> [$errno],error on line $errline in $errfile<br />"; die();}set_error_handler("customError",E_ERROR);$getfilter="'|(and|or)//b.+?(>|<|=|in|like)|/////*.+?//*///|<//s*script//b|//bEXEC//b|UNION.+?SELECT|UPDATE.+?SET|INSERT//s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)//s+(TABLE|DATABASE)";$postfilter="//b(and|or)//b.{1,6}?(=|>|<|//bin//b|//blike//b)|/////*.+?//*///|<//s*script//b|//bEXEC//b|UNION.+?SELECT|UPDATE.+?SET|INSERT//s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)//s+(TABLE|DATABASE)";$cookiefilter="//b(and|or)//b.{1,6}?(=|>|<|//bin//b|//blike//b)|/////*.+?//*///|<//s*script//b|//bEXEC//b|UNION.+?SELECT|UPDATE.+?SET|INSERT//s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)//s+(TABLE|DATABASE)";function StopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq){ if(is_array($StrFiltValue)) {     $StrFiltValue=implode($StrFiltValue); }   if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue)==1){            print "notice:Illegal operation!";         exit(); }      }  foreach($_GET as $key=>$value){  StopAttack($key,$value,$getfilter);}foreach($_POST as $key=>$value){  StopAttack($key,$value,$postfilter);}foreach($_COOKIE as $key=>$value){  StopAttack($key,$value,$cookiefilter);}?>