PHP class library to prevent SQL injection
<?php
// Blacklist-style request filter: every $_GET, $_POST and $_COOKIE value is
// matched against a regular expression of SQL keywords and operators; a match
// is logged and the request is aborted.
class sqlsafe {
  // GET filter. Note the leading "'|" alternative: any value containing a single quote is rejected.
  private $getfilter = "'|(and|or)\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
  // POST and cookie filters: "and"/"or" followed within six characters by a comparison
  // operator, plus the same keyword patterns as the GET filter.
  private $postfilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
  private $cookiefilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";

  // Instantiating the class runs the check over the whole request.
  public function __construct() {
    foreach($_GET as $key=>$value){$this->stopattack($key,$value,$this->getfilter);}
    foreach($_POST as $key=>$value){$this->stopattack($key,$value,$this->postfilter);}
    foreach($_COOKIE as $key=>$value){$this->stopattack($key,$value,$this->cookiefilter);}
  }

  // Matches one request value against the pattern; on a hit, logs the request and aborts.
  public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){
    // Array values (e.g. field[]=...) are flattened into a single string before matching.
    if(is_array($StrFiltValue))$StrFiltValue = implode('', $StrFiltValue);
    // /i: case-insensitive; /s: "." also matches newlines, so multi-line values are covered.
    if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue) == 1){
      // date() replaces strftime(), which is deprecated since PHP 8.1.
      $this->writeslog($_SERVER["REMOTE_ADDR"]."    ".date("Y-m-d H:i:s")."    ".$_SERVER["PHP_SELF"]."    ".$_SERVER["REQUEST_METHOD"]."    ".$StrFiltKey."    ".$StrFiltValue);
      // showmsg() is supplied by the host application, not by this class. The message reads:
      // "The parameters you submitted are illegal; the system has logged this operation!"
      showmsg('您提交的参数非法,系统已记录您的本次操作!','',0,1);
    }
  }

  // Appends one record to logs/sql_log.txt; CACHE_PATH is a constant defined by the host application.
  public function writeslog($log){
    $log_path = CACHE_PATH.'logs'.DIRECTORY_SEPARATOR.'sql_log.txt';
    $ts = fopen($log_path,"a+");
    fwrite($ts,$log."\r\n");
    fclose($ts);
  }
}

In its constructor the class walks every $_GET, $_POST and $_COOKIE value, matches it against the corresponding regular-expression blacklist, writes a record of each matching request (client address, time, script, method, parameter name and value) to sql_log.txt, and aborts the request with a message. It is a useful PHP class library to prevent SQL injection.
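To see what the blacklist actually decides, the following is an added example (not code from the original page or from php.cn): the same patterns as $getfilter and $postfilter, but applied by a pure function that takes the parameters as an argument instead of reading the superglobals, so it runs from the command line without the host application's showmsg() or CACHE_PATH. The sample requests, the client address 192.0.2.10 and the script name /index.php are constructed; the SQLite in-memory database at the end is an assumption that requires the pdo_sqlite extension. The cases show both a true positive and two false positives that the patterns produce on ordinary input (a surname with an apostrophe, a sentence with "and" shortly before "="), and the closing prepared-statement query shows the control that a blacklist does not replace: binding the value as a parameter so the database never parses it as SQL.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original page: the sqlsafe decision as a
// side-effect-free function so it can be exercised without a web request.
final class SqlSafeFilter
{
    // Patterns copied from the page's $getfilter and $postfilter.
    public const GET_FILTER  = "'|(and|or)\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
    public const POST_FILTER = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";

    /**
     * Same decision stopattack() makes, minus logging and abort: returns a
     * key => flattened value map of the parameters the blacklist matched
     * (an empty array means the request passes).
     */
    public static function scan(array $params, string $filter): array
    {
        $hits = [];
        foreach ($params as $key => $value) {
            // Arrays are flattened exactly as the page's class does (implode).
            if (is_array($value)) {
                $value = implode('', $value);
            }
            $value = (string) $value;
            if (preg_match('/' . $filter . '/is', $value) === 1) {
                $hits[(string) $key] = $value;
            }
        }
        return $hits;
    }

    /** Tab-separated record in the layout writeslog() stores; date() instead of the deprecated strftime(). */
    public static function logLine(string $ip, string $script, string $method, string $key, string $value): string
    {
        return implode("\t", [$ip, date('Y-m-d H:i:s'), $script, $method, $key, $value]);
    }
}

// Constructed sample requests (not captured traffic).
$cases = [
    ['GET',  SqlSafeFilter::GET_FILTER,  ['q' => 'cheap flights to Paris']],          // passes
    ['GET',  SqlSafeFilter::GET_FILTER,  ['name' => "O'Brien"]],                      // false positive: the "'" alternative
    ['POST', SqlSafeFilter::POST_FILTER, ['bio' => 'rock and roll = life']],          // false positive: "and" + 6 chars + "="
    ['POST', SqlSafeFilter::POST_FILTER, ['tags' => ['php', 'sql']]],                 // array value, passes
    ['POST', SqlSafeFilter::POST_FILTER, ['id' => '1 UNION SELECT name FROM users']], // true positive: UNION ... SELECT
];

foreach ($cases as [$method, $filter, $params]) {
    $hits = SqlSafeFilter::scan($params, $filter);
    foreach ($hits as $key => $value) {
        // Constructed client address and script name, standing in for $_SERVER values.
        echo SqlSafeFilter::logLine('192.0.2.10', '/index.php', $method, $key, $value), "\n";
    }
    echo $method, ' ', json_encode($params), ' => ', $hits ? 'BLOCKED' : 'passed', "\n";
}

// The control a blacklist does not replace: the value is bound as a parameter,
// so the database compares it as a string and never parses it as SQL.
if (extension_loaded('pdo_sqlite')) {
    $pdo = new PDO('sqlite::memory:');
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
    $pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => "alice' OR '1'='1"]);
    // Zero rows: no user has that literal name, and the quote and OR were never interpreted.
    echo 'prepared statement rows: ', count($stmt->fetchAll(PDO::FETCH_COLUMN)), "\n";
}
```

Run it with `php example.php`. The first three cases illustrate the trade-off of the approach: the GET pattern's leading `'` alternative blocks every apostrophe, and the `(and|or)` clause fires on ordinary English text, so the filter rejects legitimate input while the prepared statement at the end makes the query safe regardless of what the value contains.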

