PHP正規(正則)表達式比對防止SQL注入 – jashliao部落格

PHP正規(正則)表達式比對防止SQL注入

資料來源: http://www.51itstudy.com/it/article/2469.html

https://www.cnblogs.com/yydcdut/p/3496855.html

http://www.wuliaoy.com/pro/47.html

https://www.ctolib.com/topics-88220.html

01.

02.

Error number: [$errno],error on line $errline in $errfile
"; 
    die(); 
}
 
set_error_handler("customError",E_ERROR); 
$getfilter="'|(and|or)\\b.+?(>|||
操作IP: ".$_SERVER["REMOTE_ADDR"]."
操作时间: ".strftime("%Y-%m-%d %H:%M:%S")."
操作页面:".$_SERVER["PHP_SELF"]."
提交方式: ".$_SERVER["REQUEST_METHOD"]."
提交参数: ".$StrFiltKey."
提交数据: ".$StrFiltValue); 
        print "result notice:Illegal operation!"; 
        exit(); 
    } 
} 
foreach($_GET as $key=>$value)
{ 
    StopAttack($key,$value,$getfilter); 
} 
foreach($_POST as $key=>$value)
{ 
    StopAttack($key,$value,$postfilter); 
} 
foreach($_COOKIE as $key=>$value)
{ 
    StopAttack($key,$value,$cookiefilter); 
} 
   
function slog($logs) 
{ 
    $toppath="log.htm"; 
    $Ts=fopen($toppath,"a+"); 
    fputs($Ts,$logs."\r\n"); 
    fclose($Ts); 
} 
?>

03.

                alert('请勿非法操作！');
                window.history.back(-1);    
            ");
    } else {
        return $str;
    }
}

$loginname = strCheck($_POST["loginname"]);
?> 

04.

 $v )
		{
			$array [$k] = sec ( $v );
		}
	} else if (is_string ( $array )) 
	{
		//使用addslashes函数来处理
		$array = addslashes ( $array );
	} 
	else if (is_numeric ( $array )) 
	{
		$array = intval ( $array );
	}
	return $array;
}

//整型过滤函数
function num_check($id) 
{
	if (! $id)
	{
		die ( '参数不能为空！' );
	} //是否为空的判断
	else if (inject_check ( $id )) 
	{
		die ( '非法参数' );
	} //注入判断
	else if (! is_numetic ( $id )) 
	{
		die ( '非法参数' );
	}
	//数字判断
	$id = intval ( $id );
	//整型化
	return $id;
}

//字符过滤函数
function str_check($str)
{
	if (inject_check ( $str ))
	{
		die ( '非法参数' );
	}
	//注入判断
	$str = htmlspecialchars ( $str );
	//转换html
	return $str;
}

function search_check($str)
{
	$str = str_replace ( "_", "\_", $str );
	//把"_"过滤掉
	$str = str_replace ( "%", "\%", $str );
	//把"%"过滤掉
	$str = htmlspecialchars ( $str );
	//转换html
	return $str;
}

//表单过滤函数
function post_check($str, $min, $max)
{
	if (isset ( $min ) && strlen ( $str ) < $min) {
	die ( '最少$min字节' );
	} else if (isset ( $max ) && strlen ( $str ) > $max) {
	die ( '最多$max字节' );
	}
	return stripslashes_array ( $str );
}

//防注入函数
function inject_check($sql_str)
{
	return eregi ( 'select|inert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|UNION|into|load_file|outfile', $sql_str );
	// 进行过滤，防注入
}

function stripslashes_array(&$array)
{
	if (is_array ( $array ))
	{
		foreach ( $array as $k => $v )
		{
			$array [$k] = stripslashes_array ( $v );
		}
	}
	else if (is_string ( $array ))
	{
		$array = stripslashes ( $array );
	}
	return $array;
}
?>