PHP防SQL注入的一個類別

class sqlsafe {
    private $getfilter = "'|(and|or)\b. ?(>|<|=|in|like)|\/\*. ?\*\/|<\s*script\b|\bEXEC\b|UNION. ?SELECT|UPDATE. ?SET|INSERT\s INTO. ?VALUES|(SELECT|DELETE). ?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s (TABLE|DATABASE)";
    private $postfilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*. ?\*\/|<\s*script\b|\bEXEC\b|UNION. ?SELECT|UPDATE. ?SET|INSERT\s INTO. ?VALUES|(SELECT|DELETE). ?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s (TABLE|DATABASE)";
    private $cookiefilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*. ?\*\/|<\s*script\b|\bEXEC\b|UNION. ?SELECT|UPDATE. ?SET|INSERT\s INTO. ?VALUES|(SELECT|DELETE). ?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s (TABLE|DATABASE)";
    /**
     * 构造函数
     */
    public function __construct() {
        foreach($_GET as $key=>$value){$this->stopattack($key,$value,$this->getfilter);}
        foreach($_POST as $key=>$value){$this->stopattack($key,$value,$this->postfilter);}
        foreach($_COOKIE as $key=>$value){$this->stopattack($key,$value,$this->cookiefilter);}
    }
    /**
     * 参数检查并写日志
     */
    public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){
        if(is_array($StrFiltValue))$StrFiltValue = implode($StrFiltValue);
        if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue) == 1){
            $this->writeslog($_SERVER["REMOTE_ADDR"]."    ".strftime("%Y-%m-%d %H:%M:%S")."    ".$_SERVER["PHP_SELF"]."    ".$_SERVER["REQUEST_METHOD"]."    ".$StrFiltKey."    ".$StrFiltValue);
            showmsg('您提交的参数非法,系统已记录您的本次操作！','',0,1);
        }
    }
    /**
     * SQL注入日志
     */
    public function writeslog($log){
        $log_path = CACHE_PATH.'logs'.DIRECTORY_SEPARATOR.'sql_log.txt';
        $ts = fopen($log_path,"a ");
        fputs($ts,$log."rn");
        fclose($ts);
    }
}
?>

PHP、SQL