The code is as follows:
<?php
class sqlsafe {
private $getfilter = “‘|(and|or)\\b.+?(>|<|=| in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET| INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
private $postfilter = “\\ b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\* \\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE). +?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
private $COOKIEfilter = “\\b(and|or)\\b.{1,6}?( =|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC \\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+( TABLE|DATABASE)";
/**
* Constructor
*/
public function __construct() {
foreach($_GET as $key=>$value){$this ->stopattack($key,$value,$this->getfilter);}
foreach($_POST as $key=>$value){$this->stopattack($key,$value,$this-> postfilter);}
foreach($_COOKIE as $key=>$value){$this->stopattack($key,$value,$this->COOKIEfilter);}
}
/**
* Parameter check and write log
*/
public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){
if(is_array($StrFiltValue))$StrFiltValue = implode($StrFiltValue) ;
if (preg_match(“/”.$ArrFiltReq.”/is”,$StrFiltValue) == 1){
$this->writeslog($_SERVER[“REMOTE_ADDR”].” “.strftime( “%Y-%m-%d %H:%M:%S”).” “.$_SERVER[“PHP_SELF”].” “.$_SERVER[“REQUEST_METHOD”].” “.$StrFiltKey.” ” .$StrFiltValue);
showmsg(‘The parameters you submitted are illegal, the system has recorded your operation! ‘,”,0,1);
}
}
/**
* SQL injection log
*/
public function writeslog($log){
$log_path = CACHE_PATH.’logs’.DIRECTORY_SEPARATOR.’sql_log.txt’;
$ts = fopen($log_path,”a+”);
fputs($ts,$log.”\r\n” );
fclose($ts);
}
}
?>
Specific implementation of filtering illegal characters in php_PHP
This article is from the internet and does not represent1024programmerPosition, please indicate the source when reprinting:https://www.1024programmer.com/specific-implementation-of-filtering-illegal-characters-in-php_php/