
PHP simple parameter filtering code learning

WBOY (Original), 2016-07-25 08:58:42
```php
<?php
/**
 * Parameter filtering code
 * edit bbs.it-home.org
 */
// Escape the superglobals ourselves only when magic_quotes_gpc is OFF.
// The original listing called sec() when it was ON, which escaped the
// input a second time. (Magic quotes were removed in PHP 5.4 and
// get_magic_quotes_gpc() itself in PHP 8; on those versions the check
// is simply false and sec() always runs.)
if (!@get_magic_quotes_gpc()) {
    $_GET    = sec($_GET);
    $_POST   = sec($_POST);
    $_COOKIE = sec($_COOKIE);
    $_FILES  = sec($_FILES);
}
$_SERVER = sec($_SERVER);

function sec($array) {
    // If it is an array, traverse the array and call sec() recursively
    if (is_array($array)) {
        foreach ($array as $k => $v) {
            $array[$k] = sec($v);
        }
    } else if (is_string($array)) {
        // Escape quotes and backslashes with addslashes
        // (numeric strings such as "123" also take this branch)
        $array = addslashes($array);
    } else if (is_numeric($array)) {
        // Only real int/float values reach here; intval() truncates floats
        $array = intval($array);
    }
    return $array;
}
```

1. Judging integer parameters

When the input parameter YY is an integer, the original SQL statement in abc.asp is usually roughly: select * from table name where field=YY. The following steps test whether SQL injection exists:

① HTTP://xxx.xxx.xxx/abc.asp?p=YY' (a single quote appended): the SQL statement in abc.asp becomes select * from table name where field=YY', and abc.asp runs abnormally;
② HTTP://xxx.xxx.xxx/abc.asp?p=YY and 1=1: abc.asp runs normally, with the same result as HTTP://xxx.xxx.xxx/abc.asp?p=YY;
③ HTTP://xxx.xxx.xxx/abc.asp?p=YY and 1=2: abc.asp runs abnormally.

If all three steps are satisfied, there must be a SQL injection vulnerability in abc.asp.

The integer filter function, together with the character, search and form filter functions, is as follows:

```php
<?php
// Integer filter function
function num_check($id) {
    if (!$id) {
        // Empty check (note: this also rejects a legitimate "0")
        die('Parameter cannot be empty!');
    } else if (inject_check($id)) {
        // Injection judgment
        die('illegal parameter');
    } else if (!is_numeric($id)) {
        // Number judgment (the original listing had the typo is_numetic)
        die('illegal parameter');
    }
    // Integerization
    $id = intval($id);
    return $id;
}

// Character filter function
function str_check($str) {
    if (inject_check($str)) {
        // Injection judgment
        die('illegal parameter');
    }
    // Convert html special characters
    $str = htmlspecialchars($str);
    return $str;
}

// Search filter function: escape the LIKE wildcards "_" and "%".
// The backslashes were lost in the original listing, which made the
// two replacements no-ops.
function search_check($str) {
    $str = str_replace('_', '\_', $str);
    $str = str_replace('%', '\%', $str);
    // Convert html special characters
    $str = htmlspecialchars($str);
    return $str;
}

// Form filter function
function post_check($str, $min = null, $max = null) {
    // Double quotes so that $min / $max are interpolated into the message
    if (isset($min) && strlen($str) < $min) {
        die("minimum $min bytes");
    } else if (isset($max) && strlen($str) > $max) {
        die("Up to $max bytes");
    }
    return stripslashes_array($str);
}
```

2. Judging string parameters

When the input parameter YY is a string, the original SQL statement in abc.asp is usually roughly: select * from table name where field='YY'. The following steps test whether SQL injection exists:

① HTTP://xxx.xxx.xxx/abc.asp?p=YY' (a single quote appended): the SQL statement in abc.asp becomes select * from table name where field='YY'', and abc.asp runs abnormally;
② HTTP://xxx.xxx.xxx/abc.asp?p=YY ... '1'='1': abc.asp runs normally, with the same result as HTTP://xxx.xxx.xxx/abc.asp?p=YY;
③ HTTP://xxx.xxx.xxx/abc.asp?p=YY ... '1'='2': abc.asp runs abnormally.

If all three steps are satisfied, there must be a SQL injection vulnerability in abc.asp.

Attached are the anti-injection function and the stripslashes helper used by the functions above:

```php
<?php
// Anti-injection function: a keyword blacklist.
// eregi() was removed in PHP 7, so preg_match() with the /i flag is used
// here; "inert" in the original listing is a typo for "insert", and the
// quote, "/*", "*", "../" and "./" tokens are escaped for the regex.
// A blacklist like this is only a coarse filter: it rejects legitimate
// input that happens to contain these words and does not catch every
// injection; prepared statements are the reliable defence.
function inject_check($sql_str) {
    // Filter to prevent injection, bbs.it-home.org
    return preg_match(
        '/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i',
        $sql_str
    );
}

// Recursively strip the slashes added by addslashes()/magic quotes
function stripslashes_array($array) {
    if (is_array($array)) {
        foreach ($array as $k => $v) {
            $array[$k] = stripslashes_array($v);
        }
    } else if (is_string($array)) {
        $array = stripslashes($array);
    }
    return $array;
}
```
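As an added example (not from the original article), here is how the three checks above, the integer lookup, the keyword check and the LIKE-wildcard escaping in search_check(), look when the query is parameterised with PDO so that user input never becomes part of the SQL text. It assumes the pdo_sqlite extension; the users table and its rows are constructed sample data.

```php
<?php
// Added example, not the article's code. Assumes pdo_sqlite is available;
// the table and rows below are constructed sample data.

// Strict integer check: accepts "0", rejects "", "1.5" and "1 and 1=1".
function check_int(string $raw): int {
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('illegal parameter');
    }
    return $id;
}

// Integer lookup: the id is a bound parameter, so the "YY'" and
// "YY and 1=1" probes from the article fail validation first and could
// not change the query shape even if they reached the driver.
function find_user(PDO $db, string $rawId): ?array {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->execute([':id' => check_int($rawId)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// LIKE search: what search_check() tries to do with str_replace.
// The escape character itself, "%" and "_" are escaped in that order, and
// the ESCAPE clause tells SQLite which character was used.
function search_users(PDO $db, string $term): array {
    $escaped = str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $term);
    $stmt = $db->prepare(
        "SELECT name FROM users WHERE name LIKE :pat ESCAPE '\\'"
    );
    $stmt->execute([':pat' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob_1'), (3, 'bob21')");

var_dump(find_user($db, '2'));
// "_" is matched literally here, so only names containing "bob_" qualify
var_dump(search_users($db, 'bob_'));
try {
    find_user($db, '2 and 1=1');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```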
