php 过滤特殊字符及sql防注入代码
程序员文章站
2022-04-05 23:45:53
...
]*?)>/isU", "/(]*)on[a-zA-Z]+s*=([^>]*>)/isU", ); $tarr = array( " ", "", //如果要直接清除不安全的标签,这里可以留空 "12", ); $str = preg_replace( $farr,$tarr,$str); return $str; } //php sql防注入代码 class sqlin { //dowith_sql($value) function dowith_sql($str) { $str = str_replace("and","",$str); $str = str_replace("execute","",$str); $str = str_replace("update","",$str); $str = str_replace("count","",$str); $str = str_replace("chr","",$str); $str = str_replace("mid","",$str); $str = str_replace("master","",$str); $str = str_replace("truncate","",$str); $str = str_replace("char","",$str); $str = str_replace("declare","",$str); $str = str_replace("select","",$str); $str = str_replace("create","",$str); $str = str_replace("delete","",$str); $str = str_replace("insert","",$str); $str = str_replace("'","",$str); $str = str_replace(""","",$str); $str = str_replace(" ","",$str); $str = str_replace("or","",$str); $str = str_replace("=","",$str); $str = str_replace("%20","",$str); //echo $str; return $str; } //aticle()防SQL注入函数//php教程 function sqlin() { foreach ($_GET as $key=>$value) { $_GET[$key]=$this->dowith_sql($value); } foreach ($_POST as $key=>$value) { $_POST[$key]=$this->dowith_sql($value); } } } $dbsql=new sqlin();
使用方式:将以上代码复制新建一个sqlin.php的文件,然后包含在有GET或者POST数据接收的页面.
原理:将所有的SQL关键字替换为空,本代码在留言本中不能使用,若要在留言本中使用请替换其中的.
$str = str_replace("and","",$str); //到: $str = str_replace("%20","",$str);//的代码为: $str = str_replace("and","and",$str); $str = str_replace("execute","execute",$str); $str = str_replace("update","update",$str); $str = str_replace("count","count",$str); $str = str_replace("chr","chr",$str); $str = str_replace("mid","mid",$str); $str = str_replace("master","master",$str); $str = str_replace("truncate","truncate",$str); $str = str_replace("char","char",$str); $str = str_replace("declare","declare",$str); $str = str_replace("select","select",$str); $str = str_replace("create","create",$str); $str = str_replace("delete","delete",$str); $str = str_replace("insert","insert",$str); $str = str_replace("'","'",$str); $str = str_replace("\"",""",$str);
永久地址:
转载随意~请带上教程地址吧^^