phpsql通用防注入系统

phpsql通用防注入系统

本文章提供这款防sql注入代码是一款php sql双过滤非法字符的函数,他可以根据用户自定的防sql注入,先是过滤一些sql命令,再是就是把post get 过滤一次,最好验证.

php防注入代码如下:

$arrfiltrate=array("update","delete","selert","drop","exec","cast","'","union"); 
//出错后要跳转的url,不填则默认前一页 
$strgourl=""; 
//是否存在数组中的值 
function funstringexist($strfiltrate,$arrfiltrate){ 
    foreach ($arrfiltrate as $key=>$value){ 
        if (eregi($value,$strfiltrate)){ 
            return true; 
        } 
    } 
return false; 
} 
//合并$_post 和 $_get 
if(function_exists(array_merge)){ 
    $arrpostandget=array_merge($http_post_vars,$http_get_vars); 
}else{ 
    foreach($http_post_vars as $key=>$value){ 
        $arrpostandget[]=$value; 
    } 
    foreach($http_get_vars as $key=>$value){ 
    $arrpostandget[]=$value; 
    }
} 
//验证开始 
foreach($arrpostandget as $key=>$value){ 
    if (funstringexist($value,$arrfiltrate)){ 
        echo " "; 
        if (emptyempty($strgourl)){ 
            echo " "; 
        }else{ 
            echo " "; 
        } 
        echo "《script》alert('系统检测到非法字符！');history.back();《script》"; 
        exit(); 
    } 
}

永久地址：

转载随意~请带上教程地址吧^^