当前位置:Gxlcms > PHP教程 > php防SQL注入代码(360提供)

php防SQL注入代码(360提供)

时间:2021-07-01 10:21:17 帮助过:21人阅读

  1. /**
  2. * php防止sql注入
  3. * by bbs.it-home.org
  4. */
  5. class sqlsafe {
  6. private $getfilter = "'|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
  7. private $postfilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
  8. private $cookiefilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
  9. /**
  10. * 构造函数
  11. */
  12. public function __construct() {
  13. foreach($_GET as $key=>$value){$this->stopattack($key,$value,$this->getfilter);}
  14. foreach($_POST as $key=>$value){$this->stopattack($key,$value,$this->postfilter);}
  15. foreach($_COOKIE as $key=>$value){$this->stopattack($key,$value,$this->cookiefilter);}
  16. }
  17. /**
  18. * 参数检查并写日志
  19. */
  20. public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){
  21. if(is_array($StrFiltValue))$StrFiltValue = implode($StrFiltValue);
  22. if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue) == 1){
  23. $this->writeslog($_SERVER["REMOTE_ADDR"]." ".strftime("%Y-%m-%d %H:%M:%S")." ".$_SERVER["PHP_SELF"]." ".$_SERVER["REQUEST_METHOD"]." ".$StrFiltKey." ".$StrFiltValue);
  24. showmsg('您提交的参数非法,系统已记录您的本次操作!','',0,1);
  25. }
  26. }
  27. /**
  28. * SQL注入日志
  29. */
  30. public function writeslog($log){
  31. $log_path = CACHE_PATH.'logs'.DIRECTORY_SEPARATOR.'sql_log.txt';
  32. $ts = fopen($log_path,"a+");
  33. fputs($ts,$log."\r\n");
  34. fclose($ts);
  35. }
  36. }
  37. ?>

人气教程排行