php中过滤非法字符的具体实现
2023-11-15 17:12:28
代码如下。注意：这是一个基于正则黑名单的过滤类，黑名单过滤容易被绕过，只适合作为记录可疑请求的辅助手段，不能代替预处理语句（参数化查询）和按上下文的输出转义：
<?php
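class sqlsafe {
    /**
     * Blacklist patterns. Each is a PCRE fragment without delimiters; stopattack()
     * wraps it in /.../is. The GET pattern additionally rejects any single quote.
     *
     * NOTE(review): a keyword blacklist is bypassable by construction. Treat this
     * class as a tripwire that logs suspicious requests, never as the defence
     * against SQL injection or XSS — use prepared statements and context-specific
     * output escaping for that.
     */
    private $getfilter = "'|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bexec\\b|union.+?select|update.+?set|insert\\s+into.+?values|(select|delete).+?from|(create|alter|drop|truncate)\\s+(table|database)";
    private $postfilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bexec\\b|union.+?select|update.+?set|insert\\s+into.+?values|(select|delete).+?from|(create|alter|drop|truncate)\\s+(table|database)";
    private $cookiefilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bexec\\b|union.+?select|update.+?set|insert\\s+into.+?values|(select|delete).+?from|(create|alter|drop|truncate)\\s+(table|database)";

    /** Maximum number of bytes of a parameter value written to the log line. */
    const LOG_VALUE_MAX = 2048;

    /**
     * Scan every GET, POST and COOKIE parameter as soon as the object is built.
     *
     * Parameter names are passed along for logging only; only values are matched
     * against the filters. The superglobals must be spelled $_GET/$_POST/$_COOKIE
     * (PHP variable names are case-sensitive; lowercase spellings are undefined).
     */
    public function __construct() {
        foreach ($_GET as $key => $value) {
            $this->stopattack($key, $value, $this->getfilter);
        }
        foreach ($_POST as $key => $value) {
            $this->stopattack($key, $value, $this->postfilter);
        }
        foreach ($_COOKIE as $key => $value) {
            $this->stopattack($key, $value, $this->cookiefilter);
        }
    }

    /**
     * Match one request parameter against a filter; on a hit, log it and abort.
     *
     * @param string|int   $strfiltkey   parameter name (logged, not matched)
     * @param string|array $strfiltvalue parameter value; arrays (including nested
     *                                   ones such as a[b][c]=x) are flattened
     *                                   recursively so nested values cannot
     *                                   slip past the filter as the string "Array"
     * @param string       $arrfiltreq   trusted PCRE fragment without delimiters;
     *                                   it is interpolated into the regex
     *                                   unescaped, so never pass user input here
     * @return void
     */
    public function stopattack($strfiltkey, $strfiltvalue, $arrfiltreq) {
        $subject = $this->flatten($strfiltvalue);
        if (!$this->patternhits($subject, $arrfiltreq)) {
            return;
        }
        // Every attacker-influenced field (PHP_SELF carries path info, key and
        // value come straight from the request) is escaped so a crafted value
        // cannot inject fake log lines via CR/LF or terminal control sequences.
        $line = (isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '-') . ' '
              . date('Y-m-d H:i:s') . ' ' // date() replaces the deprecated strftime()
              . $this->logfield(isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '-') . ' '
              . (isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '-') . ' '
              . $this->logfield($strfiltkey) . ' '
              . $this->logfield($subject);
        $this->writeslog($line);
        // Framework helper, defined elsewhere. Assumed to terminate the request
        // (the trailing 1 looks like an exit flag) — TODO confirm; if it returns,
        // the remaining parameters are still scanned but the request proceeds.
        showmsg('您提交的参数非法,系统已记录您的本次操作!', '', 0, 1);
    }

    /**
     * Report whether a parameter value (string or possibly nested array) matches
     * a filter fragment. No logging, no abort — usable for tests and for callers
     * that want to decide themselves what to do with a hit.
     *
     * @param string|array $value
     * @param string       $pattern trusted PCRE fragment without delimiters
     * @return bool
     */
    public function matchesfilter($value, $pattern) {
        return $this->patternhits($this->flatten($value), $pattern);
    }

    /**
     * Run the filter regex over an already flattened subject.
     *
     * preg_match() returns false on a PCRE error (for example the backtrack limit
     * exhausted by a large input). Letting such input through would give an
     * attacker a deliberate bypass, so an error counts as a hit (fail closed).
     *
     * @param string $subject
     * @param string $pattern
     * @return bool
     */
    private function patternhits($subject, $pattern) {
        $result = preg_match('/' . $pattern . '/is', $subject);
        if ($result === false) {
            return true;
        }
        return $result === 1;
    }

    /**
     * Concatenate a scalar or (nested) array parameter into one string, the
     * same way the original one-argument implode() joined top-level arrays
     * (no separator). Nested arrays are descended instead of becoming "Array".
     *
     * @param mixed $value
     * @return string
     */
    private function flatten($value) {
        if (!is_array($value)) {
            return (string) $value;
        }
        $parts = array();
        foreach ($value as $item) {
            $parts[] = $this->flatten($item);
        }
        return implode('', $parts);
    }

    /**
     * Make a request-derived string safe for a line-oriented log: cap its length
     * (byte-wise on purpose, this bounds log growth) and C-escape every control
     * byte so newlines, NUL and ESC cannot forge or corrupt log entries.
     *
     * @param mixed $text
     * @return string
     */
    private function logfield($text) {
        $text = (string) $text;
        if (strlen($text) > self::LOG_VALUE_MAX) {
            $text = substr($text, 0, self::LOG_VALUE_MAX) . '...[truncated]';
        }
        return addcslashes($text, "\0..\37\177");
    }

    /**
     * Append one line to the SQL-injection log.
     *
     * CACHE_PATH is a framework constant defined elsewhere and is assumed to end
     * with a directory separator (the original concatenated it directly to
     * 'logs') — TODO confirm. NOTE(review): make sure CACHE_PATH/logs is not
     * web-accessible; the log contains raw attack payloads and client addresses.
     *
     * @param string $log a single, already sanitised log line
     * @return void
     */
    public function writeslog($log) {
        $log_path = CACHE_PATH . 'logs' . DIRECTORY_SEPARATOR . 'sql_log.txt';
        // Append under an exclusive lock so concurrent requests do not interleave
        // partial lines; writing is best effort and never blocks the abort above.
        file_put_contents($log_path, $log . "\r\n", FILE_APPEND | LOCK_EX);
    }
}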
?>