防止sql注入与跨站攻击的代码分享(初级实用型)
时间:2021-07-01 10:21:17
帮助过:6人阅读
- //防注入函数
- function inject_check($sql_str){
- $check = eregi('select|insert|update|delete|\*|\/\*|\'|\.\.\/|\.\/|UNION|into|load_file|outfile',$sql_str);
- if($check){
- page_href("http://".$_SERVER['HTTP_HOST']."/home/sitemap.php");
- exit();
- }else{
- return $sql_str;
- }
- }
- //防跨站攻击
- function inject_check2($sql_str){
- $check =
- eregi('javascript|vbscript|expression|applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|
- frameset|ilayer|layer
- |bgsound|title|base|onabort|onact
- ivate|onafterprint|onafterupdate|onbeforeactivate|onbeforecopy|onbeforecut|onbeforedeactivate|onbeforeeditfocus
- |onbeforepaste|onbeforeprint|onbeforeunload|onb
- eforeupdate|onblur|onbounce|oncellchange|onchange|onclick|oncontextmenu|oncontrolselect|oncopy|oncut|
- ondataavailable
- |ondatasetchanged|ondatasetcomplete|ondblc
- lick|ondeactivate|ondrag|ondragend|ondragenter|ondragleave|ondragover|ondragstart|
- ondrop|onerror|onerrorupdate
- |onfilterchange|onfinish|onfocus|onfocusin|onfoc
- usout|onhelp|onkeydown|onkeypress|onkeyup|onlayoutcomplete|onload|onlosecapture
- |onmousedown|onmouseenter|
- onmouseleave|onmousemove|onmouseout|onmouseover|onmou
- seup|onmousewheel|onmove|onmoveend|onmovestart|onpaste|onpropertychange|onreadystatechange|onreset|
- onresize|onresizeend|onresizestart|onrowenter|onrowexit|onr
- owsdelete|onrowsinserted|onscroll|onselect|onselectionchange|onselectstart|onstart|onstop|
- onsubmit|onunload',$sql_str);
- if($check){
- page_href("http://".$_SERVER['HTTP_HOST']."/home/sitemap.php");
- exit();
- }else{
- //return $sql_str;
- }
- } //by bbs.it-home.org
- ?>
|