//get拦截规则 $getfilter = "\<.+javascript:window\[.{1}\\x|<.*=(&#\d+?;?)+?>|<.*(data|src)=data:text\/html.*>|\b(alert\(|confirm\(|expression\(|prompt\(|benchmarks*?\(d+?|sleeps*?\([d.]+?\)|load_files*?\()|<[a-z]+?\b[^>]*?\bon([a-z]{4,})s*?=|^\+\/v(8|9)|\b(and|or)\b\s*?([\(\)'"\d]+?=[\(\)'"\d]+?|[\(\)'"a-zA-Z]+?=[\(\)'"a-zA-Z]+?|>|<|s+?[\w]+?\s+?\bin\b\s*?(|\blike\b\s+?["'])|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT(\(.+\)|\s+?.+?)|UPDATE(\(.+\)|\s+?.+?)SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE)(\(.+\)|\s+?.+?\s+?)FROM(\(.+\)|\s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)"; //post拦截规则 $postfilter = "<.*=(&#\d+?;?)+?>|<.*data=data:text\/html.*>|\b(alert\(|confirm\(|expression\(|prompt\(|benchmarks*?\(d+?|sleeps*?\([d.]+?\)|load_files*?\()|<[^>]*?\b(onerror|onmousemove|onload|onclick|onmouseover)\b|\b(and|or)\b\s*?([\(\)'"\d]+?=[\(\)'"\d]+?|[\(\)'"a-zA-Z]+?=[\(\)'"a-zA-Z]+?|>|<|s+?[\w]+?\s+?\bin\b\s*?(|\blike\b\s+?["'])|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT(\(.+\)|\s+?.+?)|UPDATE(\(.+\)|\s+?.+?)SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE)(\(.+\)|\s+?.+?\s+?)FROM(\(.+\)|\s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)"; //cookie拦截规则 $cookiefilter = "benchmarks*?\(d+?|sleeps*?\([d.]+?\)|load_files*?\(|\b(and|or)\b\s*?([\(\)'"\d]+?=[\(\)'"\d]+?|[\(\)'"a-zA-Z]+?=[\(\)'"a-zA-Z]+?|>|<|s+?[\w]+?\s+?\bin\b\s*?(|\blike\b\s+?["'])|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT(\(.+\)|\s+?.+?)|UPDATE(\(.+\)|\s+?.+?)SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE)(\(.+\)|\s+?.+?\s+?)FROM(\(.+\)|\s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
不多说。