-
class sqlsafe {
- private $getfilter = "'|(and|or)\\b.+?(>| private $postfilter = "\\b(and|or)\\b.{1,6}?(=|>| private $cookiefilter = "\\b(and|or)\\b.{1,6}?(=|>| /**
- * 构造函数
- */
- public function __construct() {
- foreach($_GET as $key=>$value){$this->stopattack($key,$value,$this->getfilter);}
- foreach($_POST as $key=>$value){$this->stopattack($key,$value,$this->postfilter);}
- foreach($_COOKIE as $key=>$value){$this->stopattack($key,$value,$this->cookiefilter);}
- }
- /**
- * 参数检查并写日志
- */
- public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){
- if(is_array($StrFiltValue))$StrFiltValue = implode($StrFiltValue);
- if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue) == 1){
- $this->writeslog($_SERVER["REMOTE_ADDR"]." ".strftime("%Y-%m-%d %H:%M:%S")." ".$_SERVER["PHP_SELF"]." ".$_SERVER["REQUEST_METHOD"]." ".$StrFiltKey." ".$StrFiltValue);
- showmsg('您提交的参数非法,系统已记录您的本次操作!','',0,1);
- }
- }
- /**
- * SQL注入日志
- */
- public function writeslog($log){
- $log_path = CACHE_PATH.'logs'.DIRECTORY_SEPARATOR.'sql_log.txt';
- $ts = fopen($log_path,"a+");
- fputs($ts,$log."\r\n");
- fclose($ts);
- }
- }
- ?>
复制代码
|
PHP, SQL
本站声明
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系admin@php.cn
作者最新文章
-
2024-10-22 09:46:29
-
2024-10-13 13:53:41
-
2024-10-12 12:15:51
-
2024-10-11 22:47:31
-
2024-10-11 19:36:51
-
2024-10-11 15:50:41
-
2024-10-11 15:07:41
-
2024-10-11 14:21:21
-
2024-10-11 12:59:11
-
2024-10-11 12:17:31