php防止sql注入漏洞代碼

<?php
//Code By Safe
function customError($errno, $errstr, $errfile, $errline)
{
 echo "<b>Error number:</b> [$errno],error on line $errline in $errfile<br />";
 die();
}
set_error_handler("customError",E_ERROR);
$getfilter="'|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
$postfilter="\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
$cookiefilter="\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
function StopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq){ php

 if(is_array($StrFiltValue))
 {
     $StrFiltValue=implode($StrFiltValue);
 } 
 if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue)==1){  
         print "notice:Illegal operation!";
         exit();
 }     

foreach($_GET as $key=>$value){
 StopAttack($key,$value,$getfilter);
}
foreach($_POST as $key=>$value){
 StopAttack($key,$value,$postfilter);
}
foreach($_COOKIE as $key=>$value){
 StopAttack($key,$value,$cookiefilter);
}
?> cookie

將這段代碼放在每一個頁面都要調用的頁面中就ok了。有時候英文和COOKIE能夠會出現過濾問題. post

相關文章
相關標籤/搜索