Community Learn Tools Library Leisure
search
English
Home > Backend Development > PHP Tutorial > A class to prevent SQL injection in PHP

A class to prevent SQL injection in PHP

WBOY
Release: 2016-07-25 08:44:23
Original
955 people have browsed it
  1. class sqlsafe {
  2. private $getfilter = "'|(and|or)\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
  3. private $postfilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
  4. private $cookiefilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
  5. /**
  6. *Constructor
  7. */
  8. public function __construct() {
  9. foreach($_GET as $key=>$value){$this->stopattack($key,$value,$this->getfilter);}
  10. foreach($_POST as $key=>$value){$this->stopattack($key,$value,$this->postfilter);}
  11. foreach($_COOKIE as $key=>$value){$this->stopattack($key,$value,$this->cookiefilter);}
  12. }
  13. /**
  14. * Parameter checking and writing logs
  15. */
  16. public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){
  17. if(is_array($StrFiltValue))$StrFiltValue = implode($StrFiltValue);
  18. if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue) == 1){
  19. $this->writeslog($_SERVER["REMOTE_ADDR"]." ".strftime("%Y-%m-%d %H:%M:%S")." ".$_SERVER["PHP_SELF"]." ".$_SERVER["REQUEST_METHOD"]." ".$StrFiltKey." ".$StrFiltValue);
  20. showmsg('您提交的参数非法,系统已记录您的本次操作!','',0,1);
  21. }
  22. }
  23. /**
  24. *SQL injection log
  25. */
  26. public function writeslog($log){
  27. $log_path = CACHE_PATH.'logs'.DIRECTORY_SEPARATOR.'sql_log.txt';
  28. $ts = fopen($log_path,"a+");
  29. fputs($ts,$log."rn");
  30. fclose($ts);
  31. }
  32. }
  33. ?>
复制代码

PHP, SQL


Related labels:
PHP防SQL注入的一个类
source:php.cn
Previous article:php intercept function containing mixed string lengths Next article:Three methods of rounding in php
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
Record query under partial value conditions - SQL skill sharing I have a table called zipcode which has a column called code. The Code column contains the...
From 2024-04-06 16:01:26
0
1
395
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template