文件名称:防SQL注入的php类库.zip
文件大小:2KB
文件格式:ZIP
更新时间:2022-07-31 03:49:03
类库下载-防SQL注入的php类库
<?php class sqlsafe { private $getfilter = "'|(and|or)\\b. ?(>|<|=|in|like)|\\/\\*. ?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION. ?SELECT|UPDATE. ?SET|INSERT\\s INTO. ?VALUES|(SELECT|DELETE). ?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s (TABLE|DATABASE)"; private $postfilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*. ?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION. ?SELECT|UPDATE. ?SET|INSERT\\s INTO. ?VALUES|(SELECT|DELETE). ?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s (TABLE|DATABASE)"; private $cookiefilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*. ?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION. ?SELECT|UPDATE. ?SET|INSERT\\s INTO. ?VALUES|(SELECT|DELETE). ?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s (TABLE|DATABASE)"; public function __construct() { foreach($_GET as $key=>$value){$this->stopattack($key,$value,$this->getfilter);} foreach($_POST as $key=>$value){$this->stopattack($key,$value,$this->postfilter);} foreach($_COOKIE as $key=>$value){$this->stopattack($key,$value,$this->cookiefilter);} } public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){ if(is_array($StrFiltValue))$StrFiltValue = implode($StrFiltValue); if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue) == 1){ $this->writeslog($_SERVER["REMOTE_ADDR"]." ".strftime("%Y-%m-%d %H:%M:%S")." ".$_SERVER["PHP_SELF"]." ".$_SERVER["REQUEST_METHOD"]." ".$StrFiltKey." ".$StrFiltValue); showmsg('您提交的参数非法,系统已记录您的本次操作!','',0,1); } } public function writeslog($log){ $log_path = CACHE_PATH.'logs'.DIRECTORY_SEPARATOR.'sql_log.txt'; $ts = fopen($log_path,"a "); fputs($ts,$log."\r\n"); fclose($ts); } }本类库首先构造函数参数,然后检查并写日志最后检查SQL注入日志。是一个很好用的防SQL注入的php类库
【文件预览】:
防SQL注入的php类库
----php中文网下载站.url(114B)
----code.php(2KB)
----php中文网免费下载站.txt(219B)