欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  后端开发

php防SQL注入代码(360提供)

程序员文章站 2024-01-02 19:01:22
...
  1. /**
  2. * php防止sql注入
  3. * by bbs.it-home.org
  4. */
  5. class sqlsafe {
  6. private $getfilter = "'|(and|or)\\b.+?(>| private $postfilter = "\\b(and|or)\\b.{1,6}?(=|>| private $cookiefilter = "\\b(and|or)\\b.{1,6}?(=|>| /**
  7. * 构造函数
  8. */
  9. public function __construct() {
  10. foreach($_GET as $key=>$value){$this->stopattack($key,$value,$this->getfilter);}
  11. foreach($_POST as $key=>$value){$this->stopattack($key,$value,$this->postfilter);}
  12. foreach($_COOKIE as $key=>$value){$this->stopattack($key,$value,$this->cookiefilter);}
  13. }
  14. /**
  15. * 参数检查并写日志
  16. */
  17. public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){
  18. if(is_array($StrFiltValue))$StrFiltValue = implode($StrFiltValue);
  19. if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue) == 1){
  20. $this->writeslog($_SERVER["REMOTE_ADDR"]." ".strftime("%Y-%m-%d %H:%M:%S")." ".$_SERVER["PHP_SELF"]." ".$_SERVER["REQUEST_METHOD"]." ".$StrFiltKey." ".$StrFiltValue);
  21. showmsg('您提交的参数非法,系统已记录您的本次操作!','',0,1);
  22. }
  23. }
  24. /**
  25. * SQL注入日志
  26. */
  27. public function writeslog($log){
  28. $log_path = CACHE_PATH.'logs'.DIRECTORY_SEPARATOR.'sql_log.txt';
  29. $ts = fopen($log_path,"a+");
  30. fputs($ts,$log."\r\n");
  31. fclose($ts);
  32. }
  33. }
  34. ?>
复制代码

上一篇:

下一篇: