防止sql注入类

分类：开发语言 > PHP

<?php

class sqlSafe
{
private $getfilter = "'|(and|or)\\\\b.+?(>|<|=|in|like)|\\\\/\\\\*.+?\\\\*\\\\/|<\\\\s*script\\\\b|\\\\bEXEC\\\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\\\s+(TABLE|DATABASE)";
private $postfilter = "\\\\b(and|or)\\\\b.{1,6}?(=|>|<|\\\\bin\\\\b|\\\\blike\\\\b)|\\\\/\\\\*.+?\\\\*\\\\/|<\\\\s*script\\\\b|\\\\bEXEC\\\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\\\s+(TABLE|DATABASE)";
private $cookiefilter = "\\\\b(and|or)\\\\b.{1,6}?(=|>|<|\\\\bin\\\\b|\\\\blike\\\\b)|\\\\/\\\\*.+?\\\\*\\\\/|<\\\\s*script\\\\b|\\\\bEXEC\\\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\\\s+(TABLE|DATABASE)";

/*
* 构造函数
*/
public function __construct()
{
foreach ($_GET as $key => $value) {
$this->stopattack($key, $value, $this->getfilter);
}
foreach ($_POST as $key => $value) {
$this->stopattack($key, $value, $this->postfilter);
}
foreach ($_COOKIE as $key => $value) {
$this->stopattack($key, $value, $this->cookiefilter);
}
}

/*
* 参数检查并写日志
*/
public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq)
{
if (is_array($StrFiltValue)) {
$StrFiltValue = implode($StrFiltValue);
}
if (preg_match("/" . $ArrFiltReq . "/is", $StrFiltValue) == 1) {
$this->writeslog($_SERVER["REMOTE_ADDR"] . " " . strftime("%Y-%m-%d %H:%M:%S") . " " . $_SERVER["PHP_SELF"] . " " . $_SERVER["REQUEST_METHOD"] . " " . $StrFiltKey . " " . $StrFiltValue);
showmsg('您提交的参数非法,系统已记录您的本次操作！', '', 0, 1);
}
}

/*
* SQL注入日志
*/
public function writeslog($log)
{
$log_path = CACHE_PATH . 'logs' . DIRECTORY_SEPARATOR . 'sql_log.txt';
$ts = fopen($log_path, "a+");
fputs($ts, $log . "\\r\\n");
fclose($ts);
}
}

来源：原创发布时间：2021-10-22 21:35:03

PHP 服务器 Mysql Javascript

防止sql注入类

分类

最新

置顶

热门

精华

标签