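<?php
/**
 * Request filter: matches every GET, POST and COOKIE value against a
 * regular-expression blacklist, then logs and rejects the request on a hit.
 * showmsg() and CACHE_PATH are not defined in this class; they must be
 * provided by the application that loads it.
 */
class sqlsafe {
    // Blacklist applied to $_GET values
    private $getfilter = "'|(and|or)\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
    // Blacklist applied to $_POST values
    private $postfilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
    // Blacklist applied to $_COOKIE values
    private $cookiefilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";

    // Filters all request parameters as soon as the object is created.
    public function __construct() {
        foreach ($_GET as $key => $value) { $this->stopattack($key, $value, $this->getfilter); }
        foreach ($_POST as $key => $value) { $this->stopattack($key, $value, $this->postfilter); }
        foreach ($_COOKIE as $key => $value) { $this->stopattack($key, $value, $this->cookiefilter); }
    }

    // Checks one parameter; on a match, logs the request and shows an error.
    public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq) {
        // Array parameters (e.g. name[]=a&name[]=b) are joined into one string.
        if (is_array($StrFiltValue)) $StrFiltValue = implode($StrFiltValue);
        if (preg_match("/".$ArrFiltReq."/is", $StrFiltValue) == 1) {
            // date() replaces strftime(), which is deprecated since PHP 8.1.
            $this->writeslog($_SERVER["REMOTE_ADDR"]." ".date("Y-m-d H:i:s")." ".$_SERVER["PHP_SELF"]." ".$_SERVER["REQUEST_METHOD"]." ".$StrFiltKey." ".$StrFiltValue);
            // Message: "The parameters you submitted are invalid; the system has logged this operation!"
            showmsg('您提交的参数非法,系统已记录您的本次操作!', '', 0, 1);
        }
    }

    // Appends one line to the SQL injection log under CACHE_PATH/logs/.
    public function writeslog($log) {
        $log_path = CACHE_PATH.'logs'.DIRECTORY_SEPARATOR.'sql_log.txt';
        $ts = fopen($log_path, "a+");
        fputs($ts, $log."\r\n");
        fclose($ts);
    }
}
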
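When the class is instantiated, its constructor passes every GET, POST and COOKIE parameter to stopattack(), which checks the value against a regular-expression filter. On a match it writes the client address, time, script, request method, parameter name and value to the SQL injection log (sql_log.txt) and shows an error message; the log can then be reviewed for injection attempts. It is a very useful PHP class library to prevent SQL injection. Pattern matching of this kind is a supplementary check: the queries themselves should still be built with prepared statements.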
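
An added example (not part of the original class or of the site's code): it runs constructed, legitimate form values through the class's `$getfilter` to show where the blacklist rejects harmless input, then stores the same values with PDO prepared statements, which keep input out of the SQL text. The `blockedByFilter()` helper, the `notes` table and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example, not part of the original class.
// $getfilter is copied verbatim from the sqlsafe class; the inputs are constructed.
$getfilter = "'|(and|or)\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";

// Hypothetical helper: the same match stopattack() performs, returned as a bool.
function blockedByFilter(string $value, string $filter): bool
{
    return preg_match("/" . $filter . "/is", $value) === 1;
}

// Constructed, legitimate form values with no SQL intent.
$inputs = ["alice", "O'Brien", "Taylor in Berlin", "select a gift from the list"];

// Assumption: pdo_sqlite is installed; an in-memory table stands in for the
// application's database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (body TEXT NOT NULL)');

$insert = $pdo->prepare('INSERT INTO notes (body) VALUES (:body)');
$lookup = $pdo->prepare('SELECT COUNT(*) FROM notes WHERE body = :body');

foreach ($inputs as $value) {
    $blocked = blockedByFilter($value, $getfilter);

    // Bound parameters are sent separately from the SQL text, so quotes and
    // keywords in $value are stored as data whatever the filter decides.
    $insert->execute([':body' => $value]);
    $lookup->execute([':body' => $value]);
    $stored = (int) $lookup->fetchColumn();

    printf("%-30s filter=%-7s stored_rows=%d\n",
        $value, $blocked ? 'BLOCKED' : 'pass', $stored);
}
```

Values the filter reports as BLOCKED here would be rejected by `sqlsafe` before reaching the application, which is worth checking against real form fields (names, free-text comments) before deploying the class.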