欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  后端开发

PHP防SQL注入的一个类

程序员文章站 2022-05-08 10:08:54
...
  1. class sqlsafe {
  2. private $getfilter = "'|(and|or)\\b.+?(>| private $postfilter = "\\b(and|or)\\b.{1,6}?(=|>| private $cookiefilter = "\\b(and|or)\\b.{1,6}?(=|>| /**
  3. * 构造函数
  4. */
  5. public function __construct() {
  6. foreach($_GET as $key=>$value){$this->stopattack($key,$value,$this->getfilter);}
  7. foreach($_POST as $key=>$value){$this->stopattack($key,$value,$this->postfilter);}
  8. foreach($_COOKIE as $key=>$value){$this->stopattack($key,$value,$this->cookiefilter);}
  9. }
  10. /**
  11. * 参数检查并写日志
  12. */
  13. public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){
  14. if(is_array($StrFiltValue))$StrFiltValue = implode($StrFiltValue);
  15. if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue) == 1){
  16. $this->writeslog($_SERVER["REMOTE_ADDR"]." ".strftime("%Y-%m-%d %H:%M:%S")." ".$_SERVER["PHP_SELF"]." ".$_SERVER["REQUEST_METHOD"]." ".$StrFiltKey." ".$StrFiltValue);
  17. showmsg('您提交的参数非法,系统已记录您的本次操作!','',0,1);
  18. }
  19. }
  20. /**
  21. * SQL注入日志
  22. */
  23. public function writeslog($log){
  24. $log_path = CACHE_PATH.'logs'.DIRECTORY_SEPARATOR.'sql_log.txt';
  25. $ts = fopen($log_path,"a+");
  26. fputs($ts,$log."\r\n");
  27. fclose($ts);
  28. }
  29. }
  30. ?>
复制代码

PHP, SQL