  • PHP之SQL防注入代码(360提供)

    <?php
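    /**
     * Request filter that screens every $_GET, $_POST and $_COOKIE value against
     * a keyword deny-list as soon as the object is constructed.
     *
     * Scope and limits a maintainer should know:
     *  - This is pattern matching on known SQL/script keyword shapes. It is a
     *    tripwire and a logging aid, not the control that prevents SQL injection.
     *    Queries built from request data still need bound parameters (PDO or
     *    mysqli prepared statements), and output still needs escaping for the
     *    context it is written into.
     *  - Only values are inspected. Parameter names, request headers, uploaded
     *    files and the raw request body are outside what the constructor walks.
     *  - The GET filter rejects any single quote, so it will also flag
     *    legitimate input such as names containing an apostrophe.
     *  - Flagged values are written to the log as received; a flagged POST or
     *    cookie value may contain credentials or session identifiers, so the log
     *    file should sit outside the web root with restrictive permissions.
     */
    class sqlsafe {
    	// Deny-list applied to query-string values (body of a PCRE pattern, no delimiters).
    	private $getfilter = "'|(and|or)\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
    	// Deny-list applied to POST values.
    	private $postfilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
    	// Deny-list applied to cookie values.
    	private $cookiefilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";

    	/**
    	 * Constructor: runs each request value through the filter for its source.
    	 */
    	public function __construct() {
    		foreach ($_GET as $key => $value) {
    			$this->stopattack($key, $value, $this->getfilter);
    		}
    		foreach ($_POST as $key => $value) {
    			$this->stopattack($key, $value, $this->postfilter);
    		}
    		foreach ($_COOKIE as $key => $value) {
    			$this->stopattack($key, $value, $this->cookiefilter);
    		}
    	}

    	/**
    	 * Check one parameter against a filter; on a hit, log it and show the
    	 * rejection message.
    	 *
    	 * @param string $StrFiltKey   Parameter name (logged, not matched).
    	 * @param mixed  $StrFiltValue Parameter value; arrays are flattened first.
    	 * @param string $ArrFiltReq   PCRE pattern body, wrapped here in /.../is.
    	 */
    	public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){
    		// Nested arrays (a[b][c]=...) must be walked to their leaves: a plain
    		// implode() turns an inner array into the literal text "Array", so its
    		// contents would never reach the pattern.
    		$subject = is_array($StrFiltValue) ? $this->flatten($StrFiltValue) : (string)$StrFiltValue;

    		// preg_match() returns false when the PCRE engine gives up (for example
    		// on its backtrack limit). Treating that as "no match" would let the
    		// value through unchecked, so only an explicit 0 counts as clean.
    		$verdict = preg_match("/".$ArrFiltReq."/is", $subject);
    		if ($verdict === 0) {
    			return;
    		}

    		$fields = array(
    			$this->serverField("REMOTE_ADDR"),
    			date("Y-m-d H:i:s"), // same layout the deprecated strftime() call produced
    			$this->serverField("PHP_SELF"),
    			$this->serverField("REQUEST_METHOD"),
    			$StrFiltKey,
    			$subject,
    		);
    		$this->writeslog(implode("    ", $fields));

    		// showmsg() is defined elsewhere in the project. NOTE(review): confirm it
    		// ends the request; if it returns, the flagged request carries on into
    		// the application after this call.
    		showmsg('您提交的参数非法,系统已记录您的本次操作!','',0,1);
    	}

    	/**
    	 * Append one record to the SQL-injection log.
    	 *
    	 * Control characters are replaced with spaces so that request data cannot
    	 * break a record across lines or forge additional entries.
    	 *
    	 * @param string $log Record text.
    	 */
    	public function writeslog($log){
    		$log_path = CACHE_PATH.'logs'.DIRECTORY_SEPARATOR.'sql_log.txt';

    		$line = preg_replace('/[\x00-\x1F\x7F]/', ' ', (string)$log);
    		if ($line === null) {
    			$line = '[unloggable record]';
    		}

    		// LOCK_EX keeps concurrent requests from interleaving their records.
    		if (file_put_contents($log_path, $line."\n", FILE_APPEND | LOCK_EX) === false) {
    			error_log('sqlsafe: could not append to '.$log_path);
    		}
    	}

    	/**
    	 * Concatenate every leaf of a possibly nested array into one string,
    	 * with no separator (the same glue the one-level implode() used).
    	 */
    	private function flatten(array $value){
    		$parts = array();
    		array_walk_recursive($value, function ($leaf) use (&$parts) {
    			$parts[] = (string)$leaf;
    		});
    		return implode('', $parts);
    	}

    	/**
    	 * Read a $_SERVER entry for the log line, or "-" when it is not set.
    	 */
    	private function serverField($name){
    		return isset($_SERVER[$name]) ? (string)$_SERVER[$name] : '-';
    	}
    }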
    ?>
  • 原文地址:https://www.cnblogs.com/milantgh/p/3673838.html