A comprehensive PHP website anti-injection program

This is a comprehensive anti-injection program that combines PHP and SQL. In PHP, it mainly filters get, post, cooke, and files. In SQL, we detect and filter delete and update query commands. .

General idea of SQL injection attack

·Discover SQL injection location;
·Determine the background database type;
·Determine the executability of XP_CMDSHELL
·Discover WEB virtual directory
·Upload ASP, php, jsp Trojans;
·Get administrator rights;

//PHP whole site anti-injection program, you need to require_once this file in the public file
//Judge magic_quotes_gpc status

The code is as follows

Copy code

if (@get_magic_quotes_gpc ()) {

代码如下

复制代码

if (@get_magic_quotes_gpc ()) {
$_GET = sec ( $_GET );
$_POST = sec ( $_POST );
$_COOKIE = sec ( $_COOKIE );
$_FILES = sec ( $_FILES );
}
$_SERVER = sec ( $_SERVER );
function sec(&$array) {
//如果是数组，遍历数组，递归调用
if (is_array ( $array )) {
foreach ( $array as $k => $v ) {
$array [$k] = sec ( $v );
}
} else if (is_string ( $array )) {
//使用addslashes函数来处理
$array = addslashes ( $array );
} else if (is_numeric ( $array )) {
$array = intval ( $array );
}
return $array;
} $_GET = sec ( $_GET );

$_POST = sec ( $_POST );

$_COOKIE = sec ( $_COOKIE );

$_FILES = sec ( $_FILES );
}
$_SERVER = sec ( $_SERVER );
function sec(&$array) {
//If it is an array, traverse the array and call recursively
if (is_array ( $array )) {
foreach ( $array as $k => $v ) {

$array [$k] = sec ( $v );

}

} else if (is_string ( $array )) {

代码如下

复制代码

//字符过滤函数
function str_check($str) {
if (inject_check ( $str )) {
die ( '非法参数' );
}
//注入判断
$str = htmlspecialchars ( $str );
//转换html
return $str;
}
function search_check($str) {
$str = str_replace ( "_", "_", $str );
//把"_"过滤掉
$str = str_replace ( "%", "%", $str );
//把"%"过滤掉
$str = htmlspecialchars ( $str );
//转换html
return $str;
}
//表单过滤函数
function post_check($str, $min, $max) {
if (isset ( $min ) && strlen ( $str ) < $min) {
die ( '最少$min字节' );
} else if (isset ( $max ) && strlen ( $str ) > $max) {
die ( '最多$max字节' );
}
return stripslashes_array ( $str );
}

//Use addslashes function to process $array = addslashes ( $array ); } else if (is_numeric ( $array )) { $array = intval ( $array ); } return $array; } 1. Judgment of integer parameters When the input parameter YY is an integer, usually the original SQL statement in abc.asp is roughly as follows: select * from table name where field=YY, so you can use the following steps to test whether SQL injection exists. ①HTTP://xxx.xxx.xxx/abc.asp?p=YY’ (with a single quote attached), at this time the SQL statement in abc.ASP becomes select * from table name where field=YY’, abc.asp runs abnormally; ②HTTP://xxx.xxx.xxx/abc.asp?p=YY and 1=1, abc.asp runs normally, and the results are the same as HTTP://xxx.xxx.xxx/abc.asp?p=YY ; ③HTTP://xxx.xxx.xxx/abc.asp?p=YY and 1=2, abc.asp runs abnormally; If the above three steps are fully satisfied, there must be a SQL injection vulnerability in abc.asp. Based on the above, we write an integer filter function

The code is as follows

Copy code

When the input parameter YY is a string, usually the original SQL statement in abc.asp is roughly as follows:
select * from table name where field='YY', so you can use the following steps to test whether SQL injection exists.
①HTTP://xxx.xxx.xxx/abc.asp?p=YY’ (with a single quote attached), at this time the SQL statement in abc.ASP becomes
select * from table name where field=YY’, abc.asp runs abnormally;
②HTTP://xxx.xxx.xxx/abc.asp?p=YY&;nb ... 39;1'='1', abc.asp runs normally and is the same as HTTP://xxx.xxx.xxx/abc .asp?p=YY has the same running results;
③HTTP://xxx.xxx.xxx/abc.asp?p=YY&;nb ... 39;1'='2', abc.asp runs abnormally;
If the above three steps are fully satisfied, there must be a SQL injection vulnerability in abc.asp.

return eregi ( 'select|inert|update|delete|'|/*|*|../|./|UNION|into|load_file|outfile', $sql_str ); // www.hzhuti.com is filtered to prevent injection

The code is as follows

代码如下

复制代码

//防注入函数
function inject_check($sql_str) {
return eregi ( 'select|inert|update|delete|'|/*|*|../|./|UNION|into|load_file|outfile', $sql_str );
// www.hzhuti.com 进行过滤，防注入
}

Copy code

//Anti-injection function

function inject_check($sql_str) {

}

function stripslashes_array(&$array) {

?> Well, the injection prevention introduced in the article is relatively comprehensive. You can test it or come up with better methods.

http://www.bkjia.com/PHPjc/629668.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629668.htmlTechArticleThis is a comprehensive anti-injection program that combines php and sql. It is convenient for get and post in php. ,cooke,files are filtered. In sql, we perform delete and update query commands...

Related labels：

php sql and Compare injection of program combine consider

source：php.cn

Previous article：Classic case analysis of php sql injection and anti-injection_PHP tutorial Next article：php intval() decimal time security vulnerability analysis_PHP tutorial

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

A comprehensive PHP website anti-injection program_PHP tutorial