nginx防止sql注入
其实nginx不具备防止sql注入的功能，但是nginx可以过滤url，这样就够了

 if ($request_uri ~* "(cost\()|(concat\()") {return 404;}if ($request_uri ~* "[+|(%20)]union[+|(%20)]") {return 404;}if ($request_uri ~* "[+|(%20)]and[+|(%20)]") {return 404;}if ($request_uri ~* "[+|(%20)]select[+|(%20)]") {rewrite ^(.*) http://www.frady.info/404.html;}