
Code for Preventing SQL Injection and Cross-Site Attacks (Beginner, Practical)

Date: 2021-07-01 10:21:17

<?php
// Anti-injection function: rejects input that contains SQL keywords, quotes or path sequences.
// eregi() was removed in PHP 7, so preg_match() with the /i flag is used here.
// page_href() is the site's own redirect helper and is not defined in this snippet.
function inject_check($sql_str) {
    $check = preg_match('/select|insert|update|delete|\*|\/\*|\'|\.\.\/|\.\/|UNION|into|load_file|outfile/i', $sql_str);
    if ($check) {
        page_href("http://" . $_SERVER['HTTP_HOST'] . "/home/sitemap.php");
        exit();
    } else {
        return $sql_str;
    }
}

// Cross-site attack prevention: rejects input that contains script-related tag names or event handler names.
function inject_check2($sql_str) {
    $check = preg_match(
        '/javascript|vbscript|expression|applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer'
        . '|bgsound|title|base|onabort|onactivate|onafterprint|onafterupdate|onbeforeactivate|onbeforecopy|onbeforecut'
        . '|onbeforedeactivate|onbeforeeditfocus|onbeforepaste|onbeforeprint|onbeforeunload|onbeforeupdate|onblur|onbounce'
        . '|oncellchange|onchange|onclick|oncontextmenu|oncontrolselect|oncopy|oncut|ondataavailable|ondatasetchanged'
        . '|ondatasetcomplete|ondblclick|ondeactivate|ondrag|ondragend|ondragenter|ondragleave|ondragover|ondragstart'
        . '|ondrop|onerror|onerrorupdate|onfilterchange|onfinish|onfocus|onfocusin|onfocusout|onhelp|onkeydown|onkeypress'
        . '|onkeyup|onlayoutcomplete|onload|onlosecapture|onmousedown|onmouseenter|onmouseleave|onmousemove|onmouseout'
        . '|onmouseover|onmouseup|onmousewheel|onmove|onmoveend|onmovestart|onpaste|onpropertychange|onreadystatechange'
        . '|onreset|onresize|onresizeend|onresizestart|onrowenter|onrowexit|onrowsdelete|onrowsinserted|onscroll|onselect'
        . '|onselectionchange|onselectstart|onstart|onstop|onsubmit|onunload/i',
        $sql_str
    );
    if ($check) {
        page_href("http://" . $_SERVER['HTTP_HOST'] . "/home/sitemap.php");
        exit();
    } else {
        //return $sql_str;
    }
} //by bbs.it-home.org
?>
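
The two functions above reject input by keyword, which also turns away ordinary values such as the name O'Brien or a comment containing the word "title". As an added example (not part of the original snippet), the same two goals handled with a PDO prepared statement and with output encoding through htmlspecialchars(); the in-memory SQLite table `users`, the function names find_user() and render_comment(), and the sample inputs are constructed for illustration and assume the pdo_sqlite extension is enabled:

```php
<?php
// Added example: parameter binding and output encoding instead of keyword filtering.
// The table, the function names and the sample inputs are constructed for illustration.

// Look up a user by name. The value is bound as a parameter and is never
// concatenated into the SQL text, so quotes and keywords in it stay data.
function find_user(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Encode untrusted text before placing it in an HTML element body or a
// quoted attribute value. Encoding happens at output time, not at input time.
function render_comment(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed test database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$insert = $db->prepare('INSERT INTO users (name) VALUES (:name)');
foreach (["O'Brien", 'alice'] as $n) {
    $insert->execute([':name' => $n]);
}

// A legitimate name containing a quote: inject_check() would redirect on it,
// while the bound parameter stores and finds it unchanged.
var_dump(count(find_user($db, "O'Brien")));

// Injection-shaped input is compared as one literal string and matches no row.
var_dump(count(find_user($db, "x' OR '1'='1")));

// Markup in user text is shown as text instead of being parsed by the browser,
// and ordinary words such as "title" or "style" are accepted.
echo render_comment('<b onclick="x">About the title & style</b>'), PHP_EOL;
```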
