Code sharing to prevent SQL injection and cross-site attacks (junior practical)
Release: 2016-07-25 08:57:17
Original
1074 people have browsed it
-
- //防注入函数
- function inject_check($sql_str){
- $check = eregi('select|insert|update|delete|*|/*|'|../|./|UNION|into|load_file|outfile',$sql_str);
- if($check){
- page_href("http://".$_SERVER['HTTP_HOST']."/home/sitemap.php");
- exit();
- }else{
- return $sql_str;
- }
- }
- //防跨站攻击
- function inject_check2($sql_str){
- $check =
- eregi('javascript|vbscript|expression|applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|
- frameset|ilayer|layer
- |bgsound|title|base|onabort|onact
- ivate|onafterprint|onafterupdate|onbeforeactivate|onbeforecopy|onbeforecut|onbeforedeactivate|onbeforeeditfocus
- |onbeforepaste|onbeforeprint|onbeforeunload|onb
- eforeupdate|onblur|onbounce|oncellchange|onchange|onclick|oncontextmenu|oncontrolselect|oncopy|oncut|
- ondataavailable
- |ondatasetchanged|ondatasetcomplete|ondblc
- lick|ondeactivate|ondrag|ondragend|ondragenter|ondragleave|ondragover|ondragstart|
- ondrop|onerror|onerrorupdate
- |onfilterchange|onfinish|onfocus|onfocusin|onfoc
- usout|onhelp|onkeydown|onkeypress|onkeyup|onlayoutcomplete|onload|onlosecapture
- |onmousedown|onmouseenter|
- onmouseleave|onmousemove|onmouseout|onmouseover|onmou
- seup|onmousewheel|onmove|onmoveend|onmovestart|onpaste|onpropertychange|onreadystatechange|onreset|
- onresize|onresizeend|onresizestart|onrowenter|onrowexit|onr
- owsdelete|onrowsinserted|onscroll|onselect|onselectionchange|onselectstart|onstart|onstop|
- onsubmit|onunload',$sql_str);
- if($check){
- page_href("http://".$_SERVER['HTTP_HOST']."/home/sitemap.php");
- exit();
- }else{
- //return $sql_str;
- }
- } //by bbs.it-home.org
- ?>
复制代码
|
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
-
2024-10-22 09:46:29
-
2024-10-13 13:53:41
-
2024-10-12 12:15:51
-
2024-10-11 22:47:31
-
2024-10-11 19:36:51
-
2024-10-11 15:50:41
-
2024-10-11 15:07:41
-
2024-10-11 14:21:21
-
2024-10-11 12:59:11
-
2024-10-11 12:17:31