欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

php中过滤非法字符的具体实现

程序员文章站 2022-06-29 13:50:09
复制代码 代码如下: |<|=...
复制代码 代码如下:

<?php
class sqlsafe {
private $getfilter = "'|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bexec\\b|union.+?select|update.+?set|insert\\s+into.+?values|(select|delete).+?from|(create|alter|drop|truncate)\\s+(table|database)";
private $postfilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bexec\\b|union.+?select|update.+?set|insert\\s+into.+?values|(select|delete).+?from|(create|alter|drop|truncate)\\s+(table|database)";
private $cookiefilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bexec\\b|union.+?select|update.+?set|insert\\s+into.+?values|(select|delete).+?from|(create|alter|drop|truncate)\\s+(table|database)";
/**
* 构造函数
*/
public function __construct() {
foreach($_get as $key=>$value){$this->stopattack($key,$value,$this->getfilter);}
foreach($_post as $key=>$value){$this->stopattack($key,$value,$this->postfilter);}
foreach($_cookie as $key=>$value){$this->stopattack($key,$value,$this->cookiefilter);}
}
/**
* 参数检查并写日志
*/
public function stopattack($strfiltkey, $strfiltvalue, $arrfiltreq){
if(is_array($strfiltvalue))$strfiltvalue = implode($strfiltvalue);
if (preg_match("/".$arrfiltreq."/is",$strfiltvalue) == 1){
$this->writeslog($_server["remote_addr"]." ".strftime("%y-%m-%d %h:%m:%s")." ".$_server["php_self"]." ".$_server["request_method"]." ".$strfiltkey." ".$strfiltvalue);
showmsg('您提交的参数非法,系统已记录您的本次操作!','',0,1);
}
}
/**
* sql注入日志
*/
public function writeslog($log){
$log_path = cache_path.'logs'.directory_separator.'sql_log.txt';
$ts = fopen($log_path,"a+");
fputs($ts,$log."\r\n");
fclose($ts);
}
}
?>