I wrote an SQL injection detection function that can effectively detect user posts and filter the obtained references. Friends in need can refer to it.
The code is as follows:
<?php
/* SQL injection character detection
 * All user-entered data (POST parameters and GET parameters) needs to be checked
 * If a keyword is matched, return the keyword; otherwise return false
 * This is not the same as the detection of sensitive characters
 */
function Filter_SQL($strData)
{
    $strFilter = $blnFlag = $arrayFilter = '';
    // Characters and keywords to filter; you can add your own. "|" is the separator.
    $strFilter = "'|and|(|)|exec|insert|select|delete|update|count|*|%27|chr|mid|master|truncate|char|declare|union|or";
    $blnFlag = false; // Filter flag: true if filtering occurred (not used below)
    $arr = explode("|", $strFilter);
    $str = "";
    foreach ($arr as $row)
    {
        // Escape regex metacharacters such as ( ) * and the "/" delimiter
        $str .= preg_quote($row, '/') . "|";
    }
    $str = trim($str, "|");
    // Case-insensitive match; $word[0] holds the first keyword found
    if (preg_match('/' . $str . '/i', $strData, $word))
    {
        return $word[0];
    }
    return false;
}
/*
Test
$string = "fasdf union ";
echo Filter_SQL($string);
*/
?>
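As an added example (not code from the original post): the script below runs the page's keyword list over constructed benign inputs to show which ones the filter rejects, then handles the same values with PDO bound parameters. The `users` table, the sample names and the `find_user` helper are hypothetical, and the script assumes the pdo_sqlite extension is available.

```php
<?php
// Added example, not from the original post. Table and sample values are constructed.

// The page's filter, condensed (same keyword list and matching behaviour).
function Filter_SQL($strData)
{
    $strFilter = "'|and|(|)|exec|insert|select|delete|update|count|*|%27|chr|mid|master|truncate|char|declare|union|or";
    $parts = array_map(function ($t) { return preg_quote($t, '/'); }, explode('|', $strFilter));
    return preg_match('/' . implode('|', $parts) . '/i', $strData, $word) ? $word[0] : false;
}

// Constructed, benign inputs a real form could receive.
$benign = ["O'Brien", 'Portland', 'Alexander', 'Price (USD)', 'alice'];
foreach ($benign as $value) {
    $hit = Filter_SQL($value);
    printf("%-12s => %s\n", $value, $hit === false ? 'accepted' : "rejected on '$hit'");
}

// Hardened form: bind user input as a parameter so it is never parsed as SQL.
$pdo = new PDO('sqlite::memory:');   // assumption: pdo_sqlite is available
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');  // hypothetical table

$insert = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
foreach ($benign as $value) {
    $insert->execute([':name' => $value]);
}

// Hypothetical lookup helper: the name travels as a bound value, not as query text.
function find_user(PDO $pdo, $name)
{
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The quote in O'Brien is stored and compared as data, with no keyword filter involved.
$rows = find_user($pdo, "O'Brien");
printf("rows for O'Brien: %d (name=%s)\n", count($rows), $rows[0]['name']);
```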