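<?php

declare(strict_types=1);

/**
 * Request-parameter blacklist against common SQL / script-injection fragments.
 *
 * On construction every $_GET, $_POST and $_COOKIE value is matched against a
 * pattern; a hit is appended to CACHE_PATH/logs/sql_log.txt and the request is
 * handed to the project's showmsg() with an error message.
 *
 * SECURITY NOTE (review): this is a regex blacklist, not an injection fix.
 * It catches obvious "UNION SELECT" / "DROP TABLE" probes but is bypassable
 * (comments, encoding, keyword splitting) and also rejects legitimate input
 * (any apostrophe in a GET value). Parameterised queries at the database
 * layer are the control that actually prevents injection; treat this class
 * as an early-warning / logging layer only.
 *
 * Fixes relative to the original listing:
 *  - the $_POST and $_COOKIE loops passed only two arguments to stopattack(),
 *    which is an ArgumentCountError on any request carrying POST or cookie
 *    data (the value was never inspected);
 *  - the regex escapes (\b, \s, \/\*) had been stripped, so the pattern did
 *    not compile and preg_match() returned false on every call: the filter
 *    silently matched nothing;
 *  - nested array parameters (?a[0][0]=...) were imploded to the literal
 *    "Array", so their leaf values were never checked;
 *  - logged values are now newline/control-char escaped and length-capped to
 *    prevent log forging and unbounded log growth;
 *  - strftime() (deprecated since PHP 8.1) replaced by date() with the same
 *    output format; the log write is locked and its failure reported.
 */
class sqlsafe
{
    /** Pattern for $_GET values (also rejects a bare apostrophe). Applied with /is. */
    public const GET_FILTER = '\'|(and|or)\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)';

    /** Pattern for $_POST and $_COOKIE values: apostrophes allowed, tighter and/or window. */
    public const POST_FILTER = '\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)';

    /** Upper bound (bytes) on a logged key/value so one request cannot flood the log. */
    private const LOG_FIELD_MAX = 2048;

    /**
     * Run the three superglobals through their filters.
     *
     * Only values are inspected; parameter names are logged but not matched.
     * NOTE(review): names are attacker-controlled too — consider matching
     * them as well if the surrounding code ever interpolates keys into SQL.
     */
    public function __construct()
    {
        foreach ($_GET as $key => $value) {
            $this->stopattack($key, $value, self::GET_FILTER);
        }
        foreach ($_POST as $key => $value) {
            $this->stopattack($key, $value, self::POST_FILTER);
        }
        // Cookies used the same pattern as POST in the original; kept as one constant.
        foreach ($_COOKIE as $key => $value) {
            $this->stopattack($key, $value, self::POST_FILTER);
        }
    }

    /**
     * Check one parameter; on a hit, log it and abort via showmsg().
     *
     * @param string|int   $StrFiltKey   parameter name (array keys may be ints)
     * @param string|array $StrFiltValue parameter value, possibly a nested array
     * @param string       $ArrFiltReq   regex body (no delimiters), one of the *_FILTER constants
     *
     * @throws RuntimeException if $ArrFiltReq does not compile (see matches())
     */
    public function stopattack($StrFiltKey, $StrFiltValue, string $ArrFiltReq): void
    {
        if (!self::matches($StrFiltValue, $ArrFiltReq)) {
            return;
        }

        // Every field below is attacker-influenced (PHP_SELF carries path
        // info), so each one is escaped before it reaches the log line.
        $this->writeslog(sprintf(
            '%s %s %s %s %s %s',
            self::logField($_SERVER['REMOTE_ADDR'] ?? '-'),
            date('Y-m-d H:i:s'),
            self::logField($_SERVER['PHP_SELF'] ?? '-'),
            self::logField($_SERVER['REQUEST_METHOD'] ?? '-'),
            self::logField((string) $StrFiltKey),
            self::logField(self::flatten($StrFiltValue))
        ));

        // Project-defined; assumed to end the request — TODO confirm. If it
        // merely returns, execution continues with the tainted value.
        showmsg('您提交的参数非法,系统已记录您的本次操作!', '', 1);
    }

    /**
     * True when $value (string or nested array) contains a fragment matched
     * by $pattern (applied case-insensitively, with "." spanning newlines).
     *
     * A non-compiling pattern throws instead of returning false: the filters
     * are static configuration, and a silent false would disable the
     * protection without anyone noticing — exactly what the un-escaped
     * version of this class did.
     *
     * @param string|array $value
     * @throws RuntimeException when the pattern is invalid
     */
    public static function matches($value, string $pattern): bool
    {
        $subject = self::flatten($value);
        $result = preg_match('/' . $pattern . '/is', $subject);
        if ($result === false) {
            throw new RuntimeException('sqlsafe: invalid filter pattern (preg error ' . preg_last_error() . ')');
        }

        return $result === 1;
    }

    /**
     * Append one line to the SQL log.
     *
     * Uses FILE_APPEND|LOCK_EX so concurrent requests do not interleave
     * partial lines. A failed write is reported via error_log() rather than
     * ignored. NOTE(review): the file holds attacker-controlled strings —
     * make sure CACHE_PATH/logs is not served by the web server.
     *
     * @param string $log one already-sanitised log line (no trailing newline)
     */
    public function writeslog($log): void
    {
        $log_path = CACHE_PATH . 'logs' . DIRECTORY_SEPARATOR . 'sql_log.txt';
        $written = file_put_contents($log_path, $log . "\r\n", FILE_APPEND | LOCK_EX);
        if ($written === false) {
            error_log('sqlsafe: unable to write ' . $log_path);
        }
    }

    /**
     * Join a scalar or (possibly nested) array into one string so the whole
     * payload is matched. Glue is '' to match the original implode() call.
     *
     * @param string|array $value
     */
    private static function flatten($value): string
    {
        if (!is_array($value)) {
            return (string) $value;
        }

        $parts = [];
        array_walk_recursive($value, static function ($leaf) use (&$parts): void {
            $parts[] = (string) $leaf;
        });

        return implode('', $parts);
    }

    /**
     * Make a string safe for a single log line: CR/LF and other control
     * characters are rendered as escapes (prevents forged log entries) and
     * the result is capped at LOG_FIELD_MAX bytes.
     */
    private static function logField(string $field): string
    {
        $escaped = preg_replace_callback(
            '/[\x00-\x1f\x7f]/',
            static function (array $m): string {
                return sprintf('\\x%02x', ord($m[0]));
            },
            $field
        );
        // preg_replace_callback returns null only on a PCRE error; fall back to a
        // bare-control-char strip rather than dropping the whole field.
        if ($escaped === null) {
            $escaped = preg_replace('/[\x00-\x1f\x7f]/', '?', $field) ?? '';
        }
        if (strlen($escaped) > self::LOG_FIELD_MAX) {
            $escaped = substr($escaped, 0, self::LOG_FIELD_MAX) . '...[truncated]';
        }

        return $escaped;
    }
}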