在 index.php 入口文件的最上面增加以下代码：
JS 方式防非法字符可以参考 https://blog.csdn.net/viqecel/article/details/120513889 。注意：前端 JS 校验可以被绕过，只能作为辅助；关键字黑名单也只是附加防护，数据库查询本身仍应使用参数化查询（预处理语句）。
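/**
 * Reject a request value that contains a blacklisted SQL keyword.
 *
 * Strings are compared case-insensitively, as substrings, against the keyword
 * list below; on the first match the script stops via exit() with a fixed
 * message. Arrays are walked recursively so nested parameters (for example
 * `id[]=...`) receive the same check. Values of any other type are ignored.
 *
 * This is a coarse keyword blacklist intended as an extra layer only. Because
 * matching is by substring, ordinary words that happen to contain an entry
 * (e.g. "CHR", "MID", "into") are rejected too, and the list cannot cover
 * every SQL construct. Queries built from request data should still use
 * prepared statements with bound parameters.
 *
 * Only array values are inspected; array keys are not.
 *
 * @param mixed $value A single request value: string, (nested) array, or other.
 * @return void
 */
function sql2($value) {
    if (is_array($value)) {
        foreach ($value as $v) {
            // Recurse into this same function. The original called sqlInj(),
            // which is not defined here, so any array-valued parameter ended
            // in a fatal "undefined function" error instead of being checked.
            sql2($v);
        }
        return;
    }

    if (!is_string($value)) {
        return;
    }

    // Entries such as ' OR ', ' EXP ' and ' LIKE ' carry significant
    // surrounding spaces, so the list string must be kept exactly as written.
    // NOTE(review): 'CONTACT' looks like a typo for CONCAT — confirm the
    // intended entry.
    // NOTE(review): request values are normally URL-decoded by PHP before this
    // runs, so the literal '%20' entry presumably only matches input that
    // still contains an encoded space after decoding — confirm it is needed.
    $arr = explode('|', 'UPDATEXML|UPDATE|WHERE|EXEC|INSERT|SELECT|DELETE|COUNT|CHR|MID|MASTER|TRUNCATE|DECLARE|BIND|DROP|CREATE| EXP |EXP%| OR |XOR| LIKE |NOTLIKE|NOT BETWEEN|NOTBETWEEN|BETWEEN|NOTIN|NOT IN|CONTACT|EXTRACTVALUE|LOAD_FILE|INFORMATION_SCHEMA|outfile|%20|into|union');

    foreach ($arr as $a) {
        // stripos() makes the comparison case-insensitive.
        if (stripos($value, $a) !== false) {
            exit('有输入非法字符,请返回重试');
        }
    }
}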
// Filter the request parameters: run every value in $_REQUEST through sql2()
// before the rest of the entry file executes.
// Only parameter values are passed to the filter; the parameter names ($key)
// are not inspected.
// NOTE(review): which inputs $_REQUEST contains depends on the request_order /
// variables_order ini settings; cookies and HTTP headers may not be covered by
// this loop — confirm against how the application reads its input.
// $key and $value stay defined in the script's global scope after the loop.
foreach ($_REQUEST as $key => $value) {
sql2($value);
}