Code sharing to prevent SQL injection and cross-site attacks (junior practical)

WBOY
Release: 2016-07-25 08:57:17
```php
<?php
// Note: page_href() is the original site's own redirect helper; it is not defined in this post.

// Anti-injection function: redirects and exits if the input contains a
// blacklisted SQL keyword or character sequence, otherwise returns it unchanged.
function inject_check($sql_str) {
    // eregi() was removed in PHP 7; preg_match() with the i flag does the same
    // case-insensitive match. Regex metacharacters are escaped.
    $check = preg_match('~select|insert|update|delete|\*|/\*|\'|\.\./|\./|union|into|load_file|outfile~i', $sql_str);
    if ($check) {
        page_href("http://" . $_SERVER['HTTP_HOST'] . "/home/sitemap.php");
        exit();
    } else {
        return $sql_str;
    }
}

// Anti cross-site-attack function: redirects and exits if the input contains
// a blacklisted tag name, scheme or event-handler attribute name.
function inject_check2($sql_str) {
    $pattern = '~javascript|vbscript|expression|applet|meta|xml|blink|link|style|script|embed|object'
        . '|iframe|frame|frameset|ilayer|layer|bgsound|title|base|onabort|onactivate|onafterprint'
        . '|onafterupdate|onbeforeactivate|onbeforecopy|onbeforecut|onbeforedeactivate'
        . '|onbeforeeditfocus|onbeforepaste|onbeforeprint|onbeforeunload|onbeforeupdate|onblur'
        . '|onbounce|oncellchange|onchange|onclick|oncontextmenu|oncontrolselect|oncopy|oncut'
        . '|ondataavailable|ondatasetchanged|ondatasetcomplete|ondblclick|ondeactivate|ondrag'
        . '|ondragend|ondragenter|ondragleave|ondragover|ondragstart|ondrop|onerror|onerrorupdate'
        . '|onfilterchange|onfinish|onfocus|onfocusin|onfocusout|onhelp|onkeydown|onkeypress'
        . '|onkeyup|onlayoutcomplete|onload|onlosecapture|onmousedown|onmouseenter|onmouseleave'
        . '|onmousemove|onmouseout|onmouseover|onmouseup|onmousewheel|onmove|onmoveend'
        . '|onmovestart|onpaste|onpropertychange|onreadystatechange|onreset|onresize|onresizeend'
        . '|onresizestart|onrowenter|onrowexit|onrowsdelete|onrowsinserted|onscroll|onselect'
        . '|onselectionchange|onselectstart|onstart|onstop|onsubmit|onunload~i';
    $check = preg_match($pattern, $sql_str);
    if ($check) {
        page_href("http://" . $_SERVER['HTTP_HOST'] . "/home/sitemap.php");
        exit();
    } else {
        // The return is commented out in the original, so clean input yields no return value.
        //return $sql_str;
    }
} //by bbs.it-home.org
?>
```
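Both functions above match keywords as substrings, so ordinary text containing an apostrophe or words such as "update", "title" or "link" is rejected. The following is an added example, not part of the original post: it handles the same two concerns with a parameterized query on the SQL side and output encoding on the HTML side. It assumes the `pdo_sqlite` extension; the `comments` table and the helper names `save_comment`, `find_by_author` and `h` are hypothetical.

```php
<?php
// Added example (not from the original post). Assumes pdo_sqlite is enabled;
// the table, columns and helper names are made up for this demonstration.

// Constructed sample input: legitimate text that the keyword filters would
// reject because it contains "'", "update" and "title".
$author  = "O'Reilly";
$comment = 'Please update the <b>title</b> of my post';

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// SQL side: values are bound as parameters, so they are never parsed as SQL
// no matter which characters or keywords they contain.
function save_comment(PDO $pdo, string $author, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function find_by_author(PDO $pdo, string $author): array
{
    $stmt = $pdo->prepare('SELECT author, body FROM comments WHERE author = :author');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// HTML side: encode at output time, so stored markup is displayed as text
// instead of being interpreted by the browser.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

save_comment($pdo, $author, $comment);

foreach (find_by_author($pdo, $author) as $row) {
    echo '<p><strong>', h($row['author']), '</strong>: ', h($row['body']), "</p>\n";
}
```

The stored value is kept exactly as the user typed it; encoding is applied only where the value is written into HTML.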


source:php.cn