php中过滤非法字符的具体实现_PHP
- WBOY原创
- 2016-06-01 11:58:18956浏览
复制代码 代码如下:
class sqlsafe {
private $getfilter = "'|(and|or)\b. ?(>|private $postfilter = "\b(and|or)\b.{1,6}?(=|>|private $cookiefilter = "\b(and|or)\b.{1,6}?(=|>|/**
* 构造函数
*/
public function __construct() {
foreach($_GET as $key=>$value){$this->stopattack($key,$value,$this ->getfilter);}
foreach($_POST as $key=>$value){$this->stopattack($key,$value,$this->postfilter);}
foreach($_COOKIE as $key=>$value){$this->stopattack($key,$value,$this->cookiefilter);}
}
/**
* 参数检查并写日志
*/
public function stopattack( $StrFiltKey, $StrFiltValue, $ArrFiltReq){
if(is_array($StrFiltValue))$StrFiltValue = implode($StrFiltValue);
if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue) == 1){
$this->writeslog($_SERVER["REMOTE_ADDR"]." ".strftime(" %Y-%m-%d %H:%M:%S")." ".$_SERVER["PHP_SELF"]." ".$_SERVER["REQUEST_METHOD"]." ".$StrFiltKey." $StrFiltValue);
showmsg('您提交的参数非法,系统已记录您的本次操作!','',0,1);
}
}
/**
* SQL注入日志
*/
public function writeslog($log){
$log_path = CACHE_PATH.'logs'.DIRECTORY_SEPARATOR.'sql_log.txt';
$ts = fopen($log_path,"a ");
fputs($ts,$log."rn");
fclose($ts);
}
}
?>
声明:本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系admin@php.cn