  • 360提供的SQL防注入

    <?php
    class sqlsafe {
        // Regex bodies (wrapped in /.../is by stopattack) describing SQL and script
        // fragments to block in request data. These are heuristic blocklists: they can
        // both miss an injection attempt and reject legitimate input, so they supplement
        // — never replace — parameterised queries in the data layer. The several `.+?`
        // alternatives combined with the /s modifier can exhaust pcre.backtrack_limit on
        // long values; preg_match() then returns false rather than 0/1, and a caller must
        // not read that as "clean".
        //
        // GET pattern: the leading `'|` alternative means any single quote anywhere in a
        // GET value is a hit (names like O'Brien included), and the and/or clause allows
        // an unbounded gap before the comparison operator.
        private $getfilter = "'|(and|or)\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
        // POST pattern: no bare single-quote alternative, and the and/or clause is
        // limited to a 1-6 character gap (.{1,6}?) before the operator.
        private $postfilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
        // COOKIE pattern: identical to $postfilter.
        private $cookiefilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
        /**
         * Scan every GET, POST and COOKIE parameter against the pattern that belongs
         * to its source, in that fixed order. A hit is handled by stopattack(), which
         * logs the request and calls showmsg() (defined outside this class).
         *
         * This is request-level pattern matching, i.e. a heuristic; it does not remove
         * the need for prepared statements where the values reach the database.
         */
        public function __construct() {
            $sources = array(
                array('params' => $_GET,    'pattern' => $this->getfilter),
                array('params' => $_POST,   'pattern' => $this->postfilter),
                array('params' => $_COOKIE, 'pattern' => $this->cookiefilter),
            );
            foreach ($sources as $source) {
                foreach ($source['params'] as $name => $value) {
                    $this->stopattack($name, $value, $source['pattern']);
                }
            }
        }
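        /**
         * Check one request parameter against a blocklist regex; on a hit, log the
         * request and hand off to showmsg() (defined outside this class — presumably it
         * renders the message and ends the request; TODO confirm).
         *
         * Changes over the original: nested arrays (a[b][c]=x) are flattened so every
         * leaf is scanned instead of collapsing to the literal string "Array"; a PCRE
         * failure (preg_match() === false) is logged and treated like a hit instead of
         * silently letting the value through; the log record no longer uses the
         * deprecated strftime() and has line breaks in key/value escaped.
         *
         * @param string       $StrFiltKey   parameter name, used only in the log record
         * @param string|array $StrFiltValue parameter value, possibly a (nested) array
         * @param string       $ArrFiltReq   regex body; wrapped as /.../is here
         */
        public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){
            if (is_array($StrFiltValue)) {
                // Same empty-separator join as the original implode(), but over all leaves.
                $StrFiltValue = implode('', $this->flattenvalue($StrFiltValue));
            } else {
                $StrFiltValue = (string) $StrFiltValue;
            }
            $matched = preg_match("/".$ArrFiltReq."/is", $StrFiltValue);
            if ($matched === false) {
                // Engine error (e.g. backtrack limit on a long value): fail closed.
                $this->writeslog('preg_match failed, preg_last_error='.preg_last_error().', key='.$StrFiltKey);
            } elseif ($matched !== 1) {
                return;
            }
            $this->writeslog($this->logline($StrFiltKey, $StrFiltValue));
            showmsg('您提交的参数非法,系统已记录您的本次操作!','',0,1);
        }

        /**
         * Return every scalar leaf of a possibly nested array, in order, as strings.
         *
         * @param array $value
         * @return string[]
         */
        private function flattenvalue($value){
            $leaves = array();
            foreach ($value as $item) {
                if (is_array($item)) {
                    $leaves = array_merge($leaves, $this->flattenvalue($item));
                } else {
                    $leaves[] = (string) $item;
                }
            }
            return $leaves;
        }

        /**
         * Build the log record in the original layout: IP, timestamp, script, method,
         * key, value, separated by four spaces.
         *
         * @param string $StrFiltKey
         * @param string $StrFiltValue
         * @return string
         */
        private function logline($StrFiltKey, $StrFiltValue){
            $server = array();
            foreach (array('REMOTE_ADDR', 'PHP_SELF', 'REQUEST_METHOD') as $name) {
                // Absent outside a web SAPI; '-' keeps the column layout stable.
                $server[$name] = isset($_SERVER[$name]) ? $_SERVER[$name] : '-';
            }
            // Line breaks in the key or value would let a request forge extra log records.
            $key   = str_replace(array("\r", "\n"), array('\r', '\n'), (string) $StrFiltKey);
            $value = str_replace(array("\r", "\n"), array('\r', '\n'), $StrFiltValue);
            return $server['REMOTE_ADDR']."    ".date("Y-m-d H:i:s")."    ".$server['PHP_SELF']
                ."    ".$server['REQUEST_METHOD']."    ".$key."    ".$value;
        }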
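        /**
         * Append one record to the filter log at CACHE_PATH/logs/sql_log.txt.
         *
         * CACHE_PATH is defined outside this class. The file holds raw request data,
         * so the logs directory must not be reachable through the web server —
         * TODO confirm in deployment.
         *
         * Changes over the original: the open/write is done with FILE_APPEND|LOCK_EX so
         * concurrent requests cannot interleave records and a failed open no longer
         * cascades into fputs()/fclose() warnings on false; the outcome is returned.
         *
         * @param string $log one record, without trailing newline
         * @return bool true when the record was written
         */
        public function writeslog($log){
            $log_path = CACHE_PATH.'logs'.DIRECTORY_SEPARATOR.'sql_log.txt';
            $written = file_put_contents($log_path, $log."\n", FILE_APPEND | LOCK_EX);
            return $written !== false;
        }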
    

      

  • 原文地址:https://www.cnblogs.com/adtuu/p/5844599.html