Home >php教程 >php手册 >php快速查找数据库中恶意代码的方法

php快速查找数据库中恶意代码的方法

WBOY
WBOYOriginal
2016-06-13 09:08:051283browse

php快速查找数据库中恶意代码的方法

   本文实例讲述了php快速查找数据库中恶意代码的方法。分享给大家供大家参考。具体如下:

  数据库被输入恶意代码,为了保证你的数据库的安全,你必须得小心去清理。有了下面一个超级方便的功能,即可快速清除数据库恶意代码。

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

function cleanInput($input) {

$search = array(

'@]*?>.*?@si', // Strip out javascript

'@]*?>@si', // Strip out HTML tags

'@

]*?>.*?

@siU', // Strip style tags properly

'@@' // Strip multi-line comments

);

$output = preg_replace($search, '', $input);

return $output;

}

function sanitize($input) {

if (is_array($input)) {

foreach($input as $var=>$val) {

$output[$var] = sanitize($val);

}

}

else {

if (get_magic_quotes_gpc()) {

$input = stripslashes($input);

}

$input = cleanInput($input);

$output = mysql_real_escape_string($input);

}

return $output;

}

// Usage:

$bad_string = "Hi! It's a good day!";

$good_string = sanitize($bad_string);

// $good_string returns "Hi! It\'s a good day!"

// Also use for getting POST/GET variables

$_POST = sanitize($_POST);

$_GET = sanitize($_GET);

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn