Community Learn Tools Library Leisure
search
English
Home > Backend Development > PHP Tutorial > PHP anti-SQL injection code (provided by 360)

PHP anti-SQL injection code (provided by 360)

WBOY
Release: 2016-07-25 08:54:54
Original
1324 people have browsed it
  2. /**
  3. * php prevents sql injection
  4. * by bbs.it-home.org
  5. */
  6. class sqlsafe {
  7. private $getfilter = "'|(and|or)\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
  8. private $postfilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
  9. private $cookiefilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
  10. /**
  11. *Constructor
  12. */
  13. public function __construct() {
  14. foreach($_GET as $key=>$value){$this->stopattack($key,$value,$this->getfilter);}
  15. foreach($_POST as $key=>$value){$this->stopattack($key,$value,$this->postfilter);}
  16. foreach($_COOKIE as $key=>$value){$this->stopattack($key,$value,$this->cookiefilter);}
  17. }
  18. /**
  19. * Parameter checking and writing logs
  20. */
  21. public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){
  22. if(is_array($StrFiltValue))$StrFiltValue = implode($StrFiltValue);
  23. if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue) == 1){
  24. $this->writeslog($_SERVER["REMOTE_ADDR"]." ".strftime("%Y-%m-%d %H:%M:%S")." ".$_SERVER["PHP_SELF"]." ".$_SERVER["REQUEST_METHOD"]." ".$StrFiltKey." ".$StrFiltValue);
  25. showmsg('您提交的参数非法,系统已记录您的本次操作!','',0,1);
  26. }
  27. }
  28. /**
  29. *SQL injection log
  30. */
  31. public function writeslog($log){
  32. $log_path = CACHE_PATH.'logs'.DIRECTORY_SEPARATOR.'sql_log.txt';
  33. $ts = fopen($log_path,"a+");
  34. fputs($ts,$log."rn");
  35. fclose($ts);
  36. }
  37. }
  38. ?>
复制代码


Related labels:
php防SQL注入代码(360提供)
source:php.cn
Previous article:Modify PHP upload file size limit Next article:PHP gets php, mysql and apache versions
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
function_exists() cannot determine the custom function Function test () {return true;} if (function_exists ('test')) {echo "test is function...
From 2024-04-29 11:01:01
0
3
2055
How to display the mobile version of Google Chrome Hello teacher, how can I change Google Chrome into a mobile version?
From 2024-04-23 00:22:19
0
11
2211
The child window operates the parent window, but the output does not respond. The first two sentences are executable, but the last sentence cannot be implemented.
From 2024-04-19 15:37:47
0
1
1865
There is no output in the parent window document.onclick = function(){ window.opener.document.write('I am the output of the child ...
From 2024-04-18 23:52:34
0
1
1750
Where is the courseware about CSS mind mapping? Courseware
From 2024-04-16 10:10:18
0
0
1776
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template