<?php
/**
* php防止sql注入
* by www.ahlinux.com
*/
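class sqlsafe {
    /*
     * Undelimited PCRE bodies; stopattack() wraps each one as "/.../is".
     * In the copy this file was taken from every backslash had been
     * rendered as "//", so the patterns carried bare "/" characters inside
     * a "/"-delimited expression: preg_match() refused to compile them,
     * returned false on every call, and nothing was ever logged.  The
     * escapes are restored here (\b, \s, \/, \*).
     *
     * These are request-side signatures used for logging only; they neither
     * block nor rewrite input, so queries still need prepared statements.
     */
    private $getfilter = '\'|(and|or)\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)';
    // POST and COOKIE share one slightly stricter and/or clause (the
    // leading "'" alternative of the GET filter is not applied to them).
    private $postfilter = '\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)';
    private $cookiefilter = '\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)';

    /**
     * Constructor: run every GET, POST and COOKIE parameter through
     * stopattack() with the filter for its source.
     */
    public function __construct() {
        $this->scan($_GET, $this->getfilter);
        $this->scan($_POST, $this->postfilter);
        $this->scan($_COOKIE, $this->cookiefilter);
    }

    /**
     * Feed each entry of one request array to stopattack().
     *
     * @param array  $source  one of the request superglobals
     * @param string $pattern undelimited PCRE body for that source
     * @return void
     */
    private function scan($source, $pattern) {
        foreach ($source as $key => $value) {
            $this->stopattack($key, $value, $pattern);
        }
    }

    /**
     * Check one parameter against a signature pattern and log a hit.
     *
     * Despite its name this method only records the match; it does not
     * stop the request or change the value.
     *
     * @param string       $StrFiltKey   parameter name (only used in the log line)
     * @param string|array $StrFiltValue parameter value; arrays are flattened
     *                                   (recursively) and concatenated before matching
     * @param string       $ArrFiltReq   undelimited PCRE body, wrapped in "/.../is"
     * @return void
     */
    public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq) {
        if (is_array($StrFiltValue)) {
            // The original implode() flattened one level only; a nested
            // array became the literal string "Array" and escaped the check.
            $parts = [];
            array_walk_recursive($StrFiltValue, function ($leaf) use (&$parts) {
                $parts[] = (string) $leaf;
            });
            $StrFiltValue = implode('', $parts);
        }
        $matched = preg_match('/' . $ArrFiltReq . '/is', (string) $StrFiltValue);
        if ($matched === false) {
            // A pattern that fails to compile silently turns the check off;
            // report it instead of treating "false" as "no match".
            error_log('sqlsafe: invalid filter pattern (preg error ' . preg_last_error() . ')');
            return;
        }
        if ($matched === 1) {
            // $_SERVER keys are absent under CLI; fall back to "-" rather
            // than emitting notices from inside the logger.
            $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '-';
            $script = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '-';
            $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '-';
            // date() replaces the deprecated strftime(); same output format.
            $this->writeslog(
                $remote . ' ' . date('Y-m-d H:i:s') . ' ' . $script . ' ' . $method
                . ' ' . $StrFiltKey . ' ' . $StrFiltValue
            );
        }
    }

    /**
     * Append one record to the injection log at
     * CACHE_PATH/logs/sql_log.txt (CACHE_PATH is defined by the project).
     *
     * @param string $log record text; control characters are folded to a
     *                    space so request data cannot forge extra lines
     * @return void
     */
    public function writeslog($log) {
        $log_path = CACHE_PATH . 'logs' . DIRECTORY_SEPARATOR . 'sql_log.txt';
        // Key and value arrive verbatim from the request; keep the
        // one-record-per-line invariant of the file.
        $line = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $log);
        // "\r\n" had been rendered as "/r/n" in the copied source, which
        // wrote four literal characters instead of a line break.
        $written = file_put_contents($log_path, $line . "\r\n", FILE_APPEND | LOCK_EX);
        if ($written === false) {
            // The original never checked fopen(); don't lose the event.
            error_log('sqlsafe: cannot write ' . $log_path . ': ' . $line);
        }
    }
}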
?>