首頁  >  文章  >  後端開發  >  PHP防SQL注入的一個類別

PHP防SQL注入的一個類別

WBOY
WBOY原創
2016-07-25 08:44:23937瀏覽
  1. class sqlsafe {
  2. private $getfilter = "'|(and|or)\b. ?(>|<|=|in|like)|\/\*. ?\*\/|<\s*script\b|\bEXEC\b|UNION. ?SELECT|UPDATE. ?SET|INSERT\s INTO. ?VALUES|(SELECT|DELETE). ?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s (TABLE|DATABASE)";
  3. private $postfilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*. ?\*\/|<\s*script\b|\bEXEC\b|UNION. ?SELECT|UPDATE. ?SET|INSERT\s INTO. ?VALUES|(SELECT|DELETE). ?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s (TABLE|DATABASE)";
  4. private $cookiefilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*. ?\*\/|<\s*script\b|\bEXEC\b|UNION. ?SELECT|UPDATE. ?SET|INSERT\s INTO. ?VALUES|(SELECT|DELETE). ?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s (TABLE|DATABASE)";
  5. /**
  6. * 构造函数
  7. */
  8. public function __construct() {
  9. foreach($_GET as $key=>$value){$this->stopattack($key,$value,$this->getfilter);}
  10. foreach($_POST as $key=>$value){$this->stopattack($key,$value,$this->postfilter);}
  11. foreach($_COOKIE as $key=>$value){$this->stopattack($key,$value,$this->cookiefilter);}
  12. }
  13. /**
  14. * 参数检查并写日志
  15. */
  16. public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){
  17. if(is_array($StrFiltValue))$StrFiltValue = implode($StrFiltValue);
  18. if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue) == 1){
  19. $this->writeslog($_SERVER["REMOTE_ADDR"]." ".strftime("%Y-%m-%d %H:%M:%S")." ".$_SERVER["PHP_SELF"]." ".$_SERVER["REQUEST_METHOD"]." ".$StrFiltKey." ".$StrFiltValue);
  20. showmsg('您提交的参数非法,系统已记录您的本次操作!','',0,1);
  21. }
  22. }
  23. /**
  24. * SQL注入日志
  25. */
  26. public function writeslog($log){
  27. $log_path = CACHE_PATH.'logs'.DIRECTORY_SEPARATOR.'sql_log.txt';
  28. $ts = fopen($log_path,"a ");
  29. fputs($ts,$log."rn");
  30. fclose($ts);
  31. }
  32. }
  33. ?>
复制代码

PHP、SQL


陳述:
本文內容由網友自願投稿,版權歸原作者所有。本站不承擔相應的法律責任。如發現涉嫌抄襲或侵權的內容,請聯絡admin@php.cn