<?php
/**
 * php防止sql注入
 * by www.ahlinux.com
 */
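/**
 * Request-parameter screening for SQL-injection-looking input.
 *
 * On construction every $_GET, $_POST and $_COOKIE entry is matched against a
 * keyword blacklist; a hit is appended to a log file. Nothing is rejected or
 * rewritten: despite its name, stopattack() only records the request, so the
 * application still needs parameterised queries (PDO prepare/execute) for the
 * actual protection. A keyword blacklist is easy to evade and also fires on
 * ordinary text (the GET pattern matches any apostrophe), so treat the log as
 * a detection aid, not a gate.
 *
 * NOTE(review): the published copy of the three patterns rendered every
 * backslash as a forward slash ("//b", "/////*", "/r/n"); they are restored
 * here to the PCRE escapes the structure implies (\b, \/\*, \s, \r\n).
 */
class sqlsafe {
    /** Pattern for $_GET values; leading "'|" flags any single quote. */
    private $getfilter = '\'|(and|or)\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)';
    /** Pattern for $_POST values; the and/or clause is narrower (1-6 chars) than the GET one. */
    private $postfilter = '\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)';
    /** Pattern for $_COOKIE values; identical to the POST pattern. */
    private $cookiefilter = '\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)';

    /**
     * Screens every entry of $_GET, $_POST and $_COOKIE with its source's pattern.
     * Side effect only (log writes); the request proceeds regardless of hits.
     */
    public function __construct() {
        foreach ($_GET as $key => $value) {
            $this->stopattack($key, $value, $this->getfilter);
        }
        foreach ($_POST as $key => $value) {
            $this->stopattack($key, $value, $this->postfilter);
        }
        foreach ($_COOKIE as $key => $value) {
            $this->stopattack($key, $value, $this->cookiefilter);
        }
    }

    /**
     * Pure check: does $StrFiltValue match the blacklist $ArrFiltReq?
     *
     * @param mixed  $StrFiltValue scalar or (nested) array; arrays are concatenated
     *                             with no separator, as the original implode() did
     * @param string $ArrFiltReq   PCRE body without delimiters; wrapped in /.../is
     * @return bool true only on a positive match (preg_match() === 1); a pattern
     *              error yields false rather than a hit
     */
    public static function isattack($StrFiltValue, $ArrFiltReq): bool {
        $subject = self::flatten($StrFiltValue);
        return preg_match('/' . $ArrFiltReq . '/is', $subject) === 1;
    }

    /**
     * Checks one request parameter and logs it when it matches.
     * Does not abort the request; the only effect of a hit is a log line.
     *
     * @param string|int $StrFiltKey   parameter name (used only in the log line)
     * @param mixed      $StrFiltValue parameter value; nested arrays are flattened
     * @param string     $ArrFiltReq   PCRE body to apply, see isattack()
     */
    public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq): void {
        if (!self::isattack($StrFiltValue, $ArrFiltReq)) {
            return;
        }
        // $_SERVER keys are absent on the CLI; '-' keeps the column layout stable.
        $fields = [
            $_SERVER['REMOTE_ADDR'] ?? '-',
            date('Y-m-d H:i:s'),          // strftime() is deprecated since PHP 8.1
            $_SERVER['PHP_SELF'] ?? '-',
            $_SERVER['REQUEST_METHOD'] ?? '-',
            (string) $StrFiltKey,
            self::flatten($StrFiltValue),
        ];
        $this->writeslog(implode('    ', $fields));
    }

    /**
     * Appends one line to CACHE_PATH/logs/sql_log.txt.
     *
     * CR and LF inside $log (they come from attacker-controlled parameter
     * values) are replaced by a space so a single request cannot forge extra
     * log records. LOCK_EX keeps concurrent requests from interleaving lines.
     * Failure to open or write the file raises the usual PHP warning and is
     * otherwise ignored, matching the original best-effort behaviour.
     *
     * @param string $log one log record without line terminator
     */
    public function writeslog($log): void {
        $log_path = CACHE_PATH . 'logs' . DIRECTORY_SEPARATOR . 'sql_log.txt';
        $line = str_replace(["\r", "\n"], ' ', (string) $log) . "\r\n";
        file_put_contents($log_path, $line, FILE_APPEND | LOCK_EX);
    }

    /**
     * Collapses a scalar or arbitrarily nested array into one string.
     * Array elements are joined with no separator (the original implode() call
     * had no separator); null becomes ''.
     */
    private static function flatten($value): string {
        if (!is_array($value)) {
            return (string) $value;
        }
        $out = '';
        foreach ($value as $item) {
            $out .= self::flatten($item);
        }
        return $out;
    }
}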
?>