<?php
02 class sqlsafe {
03 private $getfilter = "'|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
04 private $postfilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
05 private $cookiefilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
06 /**
07 * 构造函数
08 */
09 public function __construct() {
10 foreach($_GET as $key=>$value){$this->stopattack($key,$value,$this->getfilter);}
11 foreach($_POST as $key=>$value){$this->stopattack($key,$value,$this->postfilter);}
12 foreach($_COOKIE as $key=>$value){$this->stopattack($key,$value,$this->cookiefilter);}
13 }
14 /**
15 * 参数检查并写日志
16 */
17 public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){
18 if(is_array($StrFiltValue))$StrFiltValue = implode($StrFiltValue);
19 if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue) == 1){
20 $this->writeslog($_SERVER["REMOTE_ADDR"]." ".strftime("%Y-%m-%d %H:%M:%S")." ".$_SERVER["PHP_SELF"]." ".$_SERVER["REQUEST_METHOD"]." ".$StrFiltKey." ".$StrFiltValue);
21 showmsg('您提交的参数非法,系统已记录您的本次操作!','',0,1);
22 }
23 }
24 /**
25 * SQL注入日志
26 */
27 public function writeslog($log){
28 $log_path = CACHE_PATH.'logs'.DIRECTORY_SEPARATOR.'sql_log.txt';
29 $ts = fopen($log_path,"a+");
30 fputs($ts,$log."\r\n");
31 fclose($ts);
32 }
33 }
34 ?>
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
