Community Learn Tools Library Leisure
search
English
Home > Backend Development > PHP Tutorial > body text

Code sharing to prevent SQL injection and cross-site attacks (junior practical)

WBOY
Release: 2016-07-25 08:57:17
Original
1061 people have browsed it
  2. //防注入函数
  3. function inject_check($sql_str){
  4. $check = eregi('select|insert|update|delete|*|/*|'|../|./|UNION|into|load_file|outfile',$sql_str);
  5. if($check){
  6. page_href("http://".$_SERVER['HTTP_HOST']."/home/sitemap.php");
  7. exit();
  8. }else{
  9. return $sql_str;
  10. }
  11. }
  12. //防跨站攻击
  13. function inject_check2($sql_str){
  14. $check =
  15. eregi('javascript|vbscript|expression|applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|
  16. frameset|ilayer|layer
  17. |bgsound|title|base|onabort|onact
  18. ivate|onafterprint|onafterupdate|onbeforeactivate|onbeforecopy|onbeforecut|onbeforedeactivate|onbeforeeditfocus
  19. |onbeforepaste|onbeforeprint|onbeforeunload|onb
  20. eforeupdate|onblur|onbounce|oncellchange|onchange|onclick|oncontextmenu|oncontrolselect|oncopy|oncut|
  21. ondataavailable
  22. |ondatasetchanged|ondatasetcomplete|ondblc
  23. lick|ondeactivate|ondrag|ondragend|ondragenter|ondragleave|ondragover|ondragstart|
  24. ondrop|onerror|onerrorupdate
  25. |onfilterchange|onfinish|onfocus|onfocusin|onfoc
  26. usout|onhelp|onkeydown|onkeypress|onkeyup|onlayoutcomplete|onload|onlosecapture
  27. |onmousedown|onmouseenter|
  28. onmouseleave|onmousemove|onmouseout|onmouseover|onmou
  29. seup|onmousewheel|onmove|onmoveend|onmovestart|onpaste|onpropertychange|onreadystatechange|onreset|
  30. onresize|onresizeend|onresizestart|onrowenter|onrowexit|onr
  31. owsdelete|onrowsinserted|onscroll|onselect|onselectionchange|onselectstart|onstart|onstop|
  32. onsubmit|onunload',$sql_str);
  33. if($check){
  34. page_href("http://".$_SERVER['HTTP_HOST']."/home/sitemap.php");
  35. exit();
  36. }else{
  37. //return $sql_str;
  38. }
  39. } //by bbs.it-home.org
  40. ?>
复制代码


Related labels:
防止sql注入与跨站攻击的代码分享(初级实用型)
source:php.cn
Previous article:PHP file download function (supports multiple formats) Next article:Simple mysql tool implemented in php (execute multiple sql statements)
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
function_exists() cannot determine the custom function Function test () {return true;} if (function_exists ('test')) {echo "test is function...
From 2024-04-29 11:01:01
0
2
1915
How to display the mobile version of Google Chrome Hello teacher, how can I change Google Chrome into a mobile version?
From 2024-04-23 00:22:19
0
10
2090
The child window operates the parent window, but the output does not respond. The first two sentences are executable, but the last sentence cannot be implemented.
From 2024-04-19 15:37:47
0
1
1758
There is no output in the parent window document.onclick = function(){ window.opener.document.write('I am the output of the child ...
From 2024-04-18 23:52:34
0
1
1661
Where is the courseware about CSS mind mapping? Courseware
From 2024-04-16 10:10:18
0
0
1668
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template