
PHP anti-SQL injection class can filter sensitive parameters_PHP tutorial

WBOY
Release: 2016-07-13 17:11:16
Original

This article collects most of the PHP anti-SQL-injection code in circulation; use it for reference.

Determine whether XP_CMDSHELL can be executed;

Discover the WEB virtual directory;

Upload ASP, php or jsp Trojans;

Obtain administrator rights.

//PHP whole-site anti-injection program; require_once this file from the common include file
//Check the magic_quotes_gpc status: escape only when PHP has not already done it,
//otherwise the input is escaped twice. get_magic_quotes_gpc() no longer exists in PHP 8,
//where input is never auto-escaped, so the function_exists() guard keeps this runnable.
if (! (function_exists ( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc ())) {
    $_GET = sec ( $_GET );
    $_POST = sec ( $_POST );
    $_COOKIE = sec ( $_COOKIE );
    $_FILES = sec ( $_FILES );
}
$_SERVER = sec ( $_SERVER );

function sec($array) {
    //If it is an array, traverse it and call recursively
    if (is_array ( $array )) {
        foreach ( $array as $k => $v ) {
            $array [$k] = sec ( $v );
        }
    } else if (is_string ( $array )) {
        //Use addslashes to escape quotes, backslashes and NUL bytes
        $array = addslashes ( $array );
    } else if (is_numeric ( $array )) {
        $array = intval ( $array );
    }
    return $array;
}

1. Checking an integer parameter

When the input parameter YY is an integer, the original SQL statement in abc.asp usually looks roughly like this:

select * from table name where field = YY

so the following steps can be used to test whether SQL injection exists:

① HTTP://xxx.xxx.xxx/abc.asp?p=YY' (a single quote appended); the SQL statement in abc.asp becomes select * from table name where field=YY', and abc.asp runs abnormally;

② HTTP://xxx.xxx.xxx/abc.asp?p=YY and 1=1; abc.asp runs normally and returns the same result as HTTP://xxx.xxx.xxx/abc.asp?p=YY;

③ HTTP://xxx.xxx.xxx/abc.asp?p=YY and 1=2; abc.asp runs abnormally.

If all three conditions hold, abc.asp must have a SQL injection vulnerability.

//Integer parameter check
function num_check($id) {
    if (! $id) {
        die ( 'Parameter cannot be empty!' );   //Check for empty
    } else if (inject_check ( $id )) {
        die ( 'illegal parameter' );            //Injection check
    } else if (! is_numeric ( $id )) {
        die ( 'illegal parameter' );            //Number check
    }
    $id = intval ( $id );                       //Integerize
    return $id;
}

//Character filter function
function str_check($str) {
    if (inject_check ( $str )) {
        die ( 'illegal parameter' );            //Injection check
    }
    $str = htmlspecialchars ( $str );           //Convert html
    return $str;
}

//Search string filter: escape the LIKE wildcards so they match literally
function search_check($str) {
    $str = str_replace ( "_", "\_", $str );     //Escape "_"
    $str = str_replace ( "%", "\%", $str );     //Escape "%"
    $str = htmlspecialchars ( $str );           //Convert html
    return $str;
}

//Form filter function
function post_check($str, $min = null, $max = null) {
    if (isset ( $min ) && strlen ( $str ) < $min) {
        die ( "minimum $min bytes" );
    } else if (isset ( $max ) && strlen ( $str ) > $max) {
        die ( "up to $max bytes" );
    }
    return stripslashes_array ( $str );
}

2. Checking a string parameter

When the input parameter YY is a string, the original SQL statement in abc.php usually looks roughly like this:

select * from table name where field='YY'

so the following steps can be used to test whether SQL injection exists:

① HTTP://xxx.xxx.xxx/abc.php?p=YY' (a single quote appended); the SQL statement in abc.php becomes select * from table name where field='YY'', and abc.php runs abnormally;

② HTTP://xxx.xxx.xxx/abc.php?p=YY ... '1'='1'; abc.php runs normally and returns the same result as HTTP://xxx.xxx.xxx/abc.php?p=YY;

③ HTTP://xxx.xxx.xxx/abc.php?p=YY ... '1'='2'; abc.php runs abnormally.

If all three conditions hold, abc.php must have a SQL injection vulnerability.

//Anti-injection function: a keyword blacklist. The original used eregi(), which was
//removed in PHP 7; preg_match() with the same tokens is used here. A blacklist like
//this also rejects ordinary text that happens to contain these words and does not
//replace prepared statements.
function inject_check($sql_str) {
    //Filter to prevent injection: returns 1 if any listed token is present
    return preg_match ( "/select|insert|update|delete|'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i", $sql_str );
}

function stripslashes_array($array) {
    if (is_array ( $array )) {
        foreach ( $array as $k => $v ) {
            $array [$k] = stripslashes_array ( $v );
        }
    } else if (is_string ( $array )) {
        $array = stripslashes ( $array );
    }
    return $array;
}
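As an added example (not part of the original article): the checks that num_check, str_check and search_check attempt above, done with PDO prepared statements instead of addslashes and a keyword blacklist. The table and column names (items, id, name) are assumed.

```php
<?php
// Added example, not from the article: prepared statements in place of the
// addslashes/blacklist approach. Table and column names are assumed.

function find_by_id(PDO $pdo, $id): ?array {
    // Integer parameter (the num_check case): validate the type, then bind it,
    // so an appended quote or "and 1=1" is never part of the SQL text.
    if (filter_var($id, FILTER_VALIDATE_INT) === false) {
        throw new InvalidArgumentException('illegal parameter');
    }
    $stmt = $pdo->prepare('SELECT * FROM items WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

function find_by_name(PDO $pdo, string $name): ?array {
    // String parameter (the str_check case): no addslashes or keyword check;
    // the value travels separately from the statement, so a quote inside it
    // is compared as data, never parsed as SQL.
    $stmt = $pdo->prepare('SELECT * FROM items WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

function search_by_name(PDO $pdo, string $term): array {
    // LIKE search (the search_check case): binding stops injection, but "%" and
    // "_" still act as wildcards inside the value, so escape them with a
    // declared escape character ("!" here, accepted by MySQL and SQLite).
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
    $stmt = $pdo->prepare("SELECT * FROM items WHERE name LIKE :pat ESCAPE '!'");
    $stmt->execute([':pat' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Self-contained demo on an in-memory SQLite database with constructed rows.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO items (name) VALUES ('alpha'), ('a_b'), ('100%')");

var_dump(find_by_id($pdo, '2'));                 // looked up as the integer 2
var_dump(find_by_name($pdo, "alpha' or '1'='1")); // whole string compared literally
var_dump(search_by_name($pdo, '_'));             // "_" matched as a character, not a wildcard
```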


//php batch filter of post/get data (a second variant of stripslashes_array: load
//only one of the two definitions). get_magic_quotes_gpc() no longer exists in PHP 8.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_GET = stripslashes_array($_GET);
    $_POST = stripslashes_array($_POST);
}

function stripslashes_array($array) {
    //each() was removed in PHP 7.2; foreach does the same walk
    foreach ($array as $key => $var) {
        //skip argc/argv and all-uppercase keys unless the key is numeric
        if ($key != 'argc' && $key != 'argv' && (strtoupper($key) != $key || ''.intval($key) == "$key")) {
            if (is_string($var)) {
                $array[$key] = stripslashes($var);
            }
            if (is_array($var)) {
                $array[$key] = stripslashes_array($var);
            }
        }
    }
    return $array;
}
//Filter: entity-encode HTML metacharacters and break SQL/script keywords by replacing
//one letter with its HTML numeric entity. The entity positions were lost when the page
//was rendered; the ones below are a reconstruction, kept consistent with htmldecode().
//Keyword mangling of this kind is not a substitute for prepared statements.
function htmlencode($str){
    if(empty($str)) return;
    $str=trim($str);
    $str=str_replace("&","&amp;",$str);
    $str=str_replace(">","&gt;",$str);
    $str=str_replace("<","&lt;",$str);
    $str=str_replace(chr(32),"&nbsp;",$str);
    $str=str_replace(chr(9),"&nbsp;&nbsp;&nbsp;&nbsp;",$str);
    $str=str_replace(chr(34),"&quot;",$str);
    $str=str_replace(chr(39),"&#39;",$str);
    $str=str_replace(chr(13),"<br>",$str);
    $str=str_replace("select","sel&#101;ct",$str);
    $str=str_replace("SCRIPT","S&#67;RIPT",$str);
    $str=str_replace("script","s&#99;ript",$str);
    $str=str_replace("join","jo&#105;n",$str);
    $str=str_replace("union","un&#105;on",$str);
    $str=str_replace("where","wh&#101;re",$str);
    $str=str_replace("insert","ins&#101;rt",$str);
    $str=str_replace("delete","del&#101;te",$str);
    $str=str_replace("update","up&#100;ate",$str);
    $str=str_replace("like","lik&#101;",$str);
    $str=str_replace("drop","dro&#112;",$str);
    $str=str_replace("create","cre&#97;te",$str);
    $str=str_replace("modify","mod&#105;fy",$str);
    $str=str_replace("rename","ren&#97;me",$str);
    $str=str_replace("alter","alt&#101;r",$str);
    $str=str_replace("cast","ca&#115;",$str);   //as on the page: "cast" is reduced to "cas"
    return $str;
}

//Decode: the reverse of htmlencode() (the page's decode list has no SCRIPT/script entry)
function htmldecode($str){
    if(empty($str)) return;
    $str=str_replace("sel&#101;ct","select",$str);
    $str=str_replace("jo&#105;n","join",$str);
    $str=str_replace("un&#105;on","union",$str);
    $str=str_replace("wh&#101;re","where",$str);
    $str=str_replace("ins&#101;rt","insert",$str);
    $str=str_replace("del&#101;te","delete",$str);
    $str=str_replace("up&#100;ate","update",$str);
    $str=str_replace("lik&#101;","like",$str);
    $str=str_replace("dro&#112;","drop",$str);
    $str=str_replace("cre&#97;te","create",$str);
    $str=str_replace("mod&#105;fy","modify",$str);
    $str=str_replace("ren&#97;me","rename",$str);
    $str=str_replace("alt&#101;r","alter",$str);
    $str=str_replace("ca&#115;","cast",$str);
    $str=str_replace("&gt;",">",$str);
    $str=str_replace("&lt;","<",$str);
    $str=str_replace("&nbsp;&nbsp;&nbsp;&nbsp;",chr(9),$str);
    $str=str_replace("&nbsp;",chr(32),$str);
    $str=str_replace("&quot;",chr(34),$str);
    $str=str_replace("&#39;",chr(39),$str);
    $str=str_replace("<br>",chr(13),$str);
    $str=str_replace("''","'",$str);
    //&amp; is restored last, so an encoded "&amp;quot;" is not turned into a quote
    $str=str_replace("&amp;","&",$str);
    return $str;
}

//=====================================================================
// Function: string_filter($string, $match_type=1)
// Purpose: filter illegal content
// Parameters:
//   $string      the string to be checked
//   $match_type  match type, 1 = exact match, 2 = fuzzy match, default 1
//
// Return: true if there is illegal content, false if there is none
// Other: the illegal keyword lists are kept in txt files, split into two lists:
//        ordinary illegal keywords and serious illegal keywords
// Author: heiyeluren
// Time: 2006-1-18
//=====================================================================
function lib_lawless_string_filter($string, $match_type=1)
{
    //An empty string is treated as legal and returns false directly
    $string = trim($string);
    if (empty($string))
    {
        return false;
    }
    //Get the serious keyword list and the common keyword list
    $common_file = "common_list.txt";   //Common filter keyword list
    $signify_file = "signify_list.txt"; //Serious filter keyword list
    //If either list file is missing, return false directly; otherwise read both lists into arrays
    if (!file_exists($common_file) || !file_exists($signify_file))
    {
        return false;
    }
    $common_list = file($common_file);
    $signify_list = file($signify_file);

    $is_lawless = false;   //stays false for an unknown $match_type

    //Exact match
    if ($match_type == 1)
    {
        $is_lawless = exact_match($string, $common_list);
    }

    //Fuzzy match
    if ($match_type == 2)
    {
        $is_lawless = blur_match($string, $common_list, $signify_list);
    }

    //If the search result array holds anything, the string is illegal
    if (is_array($is_lawless) && !empty($is_lawless))
    {
        return true;
    }
    else
    {
        return false;
    }
}

//------------------------
// Exact matching, for the filter
//------------------------
function exact_match($string, $common_list)
{
    $string = trim($string);
    $string = lib_replace_end_tag($string);
    $blist = array();

    //Search the common filter keyword list; preg_quote() keeps regex
    //metacharacters in the input from altering the pattern
    foreach($common_list as $block)
    {
        $block = trim($block);
        if (preg_match("/^" . preg_quote($string, '/') . "$/i", $block))
        {
            $blist[] = $block;
        }
    }
    //Return the matched entries, or false if there were none
    if (!empty($blist))
    {
        return array_unique($blist);
    }

    return false;
}

//---------------------
// Fuzzy matching, for the filter
//---------------------
function blur_match($string, $common_list, $signify_list)
{
    $string = trim($string);
    $s_len = strlen($string);
    $string = lib_replace_end_tag($string);
    $blist = array();

    //Search the common filter keyword list (whole-string match)
    foreach($common_list as $block)
    {
        $block = trim($block);
        if (preg_match("/^" . preg_quote($string, '/') . "$/i", $block))
        {
            $blist[] = $block;
        }
    }
    //Search the serious filter keyword list (substring match); preg_quote()
    //keeps list entries from being interpreted as regex
    foreach($signify_list as $block)
    {
        $block = trim($block);
        if ($s_len >= strlen($block) && preg_match("/" . preg_quote($block, '/') . "/i", $string))
        {
            $blist[] = $block;
        }
    }
    //Return the matched entries, or false if there were none
    if (!empty($blist))
    {
        return array_unique($blist);
    }

    return false;
}

//--------------------------
// Strip HTML end tags, for the filter
//--------------------------
function lib_replace_end_tag($str)
{
    if (empty($str)) return false;
    $str = htmlspecialchars($str);
    $str = str_replace('/', "", $str);
    $str = str_replace(">", "", $str);
    $str = str_replace("<", "", $str);
    $str = str_replace("<SCRIPT>", "", $str);
    $str = str_replace("</SCRIPT>", "", $str);
    $str = str_replace("<script>", "", $str);
    $str = str_replace("</script>", "", $str);
    //Restore mangled keywords and entities with the same pairs as htmldecode()
    //(entity positions reconstructed, since rendering stripped them). Note that
    //the entity lines also undo the htmlspecialchars() call above.
    $str=str_replace("sel&#101;ct","select",$str);
    $str=str_replace("jo&#105;n","join",$str);
    $str=str_replace("un&#105;on","union",$str);
    $str=str_replace("wh&#101;re","where",$str);
    $str=str_replace("ins&#101;rt","insert",$str);
    $str=str_replace("del&#101;te","delete",$str);
    $str=str_replace("up&#100;ate","update",$str);
    $str=str_replace("lik&#101;","like",$str);
    $str=str_replace("dro&#112;","drop",$str);
    $str=str_replace("cre&#97;te","create",$str);
    $str=str_replace("mod&#105;fy","modify",$str);
    $str=str_replace("ren&#97;me","rename",$str);
    $str=str_replace("alt&#101;r","alter",$str);
    $str=str_replace("ca&#115;","cast",$str);
    $str=str_replace("&gt;",">",$str);
    $str=str_replace("&lt;","<",$str);
    $str=str_replace("&nbsp;&nbsp;&nbsp;&nbsp;",chr(9),$str);
    $str=str_replace("&nbsp;",chr(32),$str);
    $str=str_replace("&quot;",chr(34),$str);
    $str=str_replace("&#39;",chr(39),$str);
    $str=str_replace("<br>",chr(13),$str);
    $str=str_replace("''","'",$str);
    $str=str_replace("&amp;","&",$str);
    $str=str_replace("css","'",$str);   //as on the page
    $str=str_replace("CSS","'",$str);

    //HTML tags, can be used to extend the filter
    /*
    $tags = array("/html", "/head", "/body", "/div", "/span", "/DOCTYPE", "/title", "/link", "/meta", "/style", "/p", "/h1", "/h2", "/h3", "/h4", "/h5", "/h6", "/strong", "/em", "/abbr", "/acronym", "/address", "/bdo", "/blockquote", "/cite", "/q", "/code", "/ins", "/del", "/dfn", "/kbd", "/pre", "/samp", "/var", "/br", "/a", "/img", "/area", "/map", "/object", "/param", "/ul", "/ol", "/li", "/dl", "/dt", "/dd", "/table", "/tr", "/td", "/th", "/tbody", "/thead", "/tfoot", "/col", "/colgroup", "/caption", "/form", "/input", "/textarea", "/select", "/option", "/optgroup", "/button", "/label", "/fieldset", "/legend", "/script", "/noscript", "/b", "/i", "/tt", "/sub", "/sup", "/big", "/small", "/hr" );
    */

    return $str;
}
It is called directly like this:
$xxx = htmlspecialchars($_POST['xxx']);
or
$xxx = htmlspecialchars($_GET['xxx']);

source:php.cn