搜索

首页 >后端开发 >php教程 >防止sql注入与跨站攻击的代码分享(初级实用型)

防止sql注入与跨站攻击的代码分享(初级实用型)

WBOY
WBOY原创
2016-07-25 08:57:171080浏览
  2. //防注入函数
  3. function inject_check($sql_str){
  4. $check = eregi('select|insert|update|delete|\*|\/\*|\'|\.\.\/|\.\/|UNION|into|load_file|outfile',$sql_str);
  5. if($check){
  6. page_href("http://".$_SERVER['HTTP_HOST']."/home/sitemap.php");
  7. exit();
  8. }else{
  9. return $sql_str;
  10. }
  11. }
  12. //防跨站攻击
  13. function inject_check2($sql_str){
  14. $check =
  15. eregi('javascript|vbscript|expression|applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|
  16. frameset|ilayer|layer
  17. |bgsound|title|base|onabort|onact
  18. ivate|onafterprint|onafterupdate|onbeforeactivate|onbeforecopy|onbeforecut|onbeforedeactivate|onbeforeeditfocus
  19. |onbeforepaste|onbeforeprint|onbeforeunload|onb
  20. eforeupdate|onblur|onbounce|oncellchange|onchange|onclick|oncontextmenu|oncontrolselect|oncopy|oncut|
  21. ondataavailable
  22. |ondatasetchanged|ondatasetcomplete|ondblc
  23. lick|ondeactivate|ondrag|ondragend|ondragenter|ondragleave|ondragover|ondragstart|
  24. ondrop|onerror|onerrorupdate
  25. |onfilterchange|onfinish|onfocus|onfocusin|onfoc
  26. usout|onhelp|onkeydown|onkeypress|onkeyup|onlayoutcomplete|onload|onlosecapture
  27. |onmousedown|onmouseenter|
  28. onmouseleave|onmousemove|onmouseout|onmouseover|onmou
  29. seup|onmousewheel|onmove|onmoveend|onmovestart|onpaste|onpropertychange|onreadystatechange|onreset|
  30. onresize|onresizeend|onresizestart|onrowenter|onrowexit|onr
  31. owsdelete|onrowsinserted|onscroll|onselect|onselectionchange|onselectstart|onstart|onstop|
  32. onsubmit|onunload',$sql_str);
  33. if($check){
  34. page_href("http://".$_SERVER['HTTP_HOST']."/home/sitemap.php");
  35. exit();
  36. }else{
  37. //return $sql_str;
  38. }
  39. } //by bbs.it-home.org
  40. ?>
复制代码


声明:
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系admin@php.cn
上一篇:php文件下载的函数(支持多种格式) 下一篇:php实现的简单mysql工具(执行多条sql语句)

相关文章

查看更多