51KYDM code template site

PHP anti-injection method

Posted: 2017-08-11 16:27


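 <?php
    /*************************
    Description: check whether submitted variables (e.g. $_POST, $_GET) contain disallowed characters
    Purpose: anti-injection
    **************************/
    error_reporting(0);
    // Disallowed characters and keywords (matched case-insensitively)
    $ArrFiltrate = array("'",";","union","=","UNION","and","from","WHERE","where","AND","FROM","INSERT","insert",
    "UPDATE","update","SELECT","select","DELETE","delete",'"',"write","<",">","*","/","load_file","outfile");
    // URL to redirect to on error; if left empty, go back to the previous page
    $StrGoUrl = "";
    // Return true if the value contains any entry of the list
    function FunStringExist($StrFiltrate, $ArrFiltrate) {
        // Parameters such as a[]=1 arrive as arrays: check every element
        if (is_array($StrFiltrate)) {
            foreach ($StrFiltrate as $item) {
                if (FunStringExist($item, $ArrFiltrate)) {
                    return true;
                }
            }
            return false;
        }
        foreach ($ArrFiltrate as $key => $value) {
            // eregi() was removed in PHP 7; stripos() does a case-insensitive literal match
            if (stripos((string)$StrFiltrate, $value) !== false) {
                return true;
            }
        }
        return false;
    }
    // Merge $_POST and $_GET. array_merge() on the raw arrays lets a GET key overwrite
    // the same POST key, leaving that POST value unchecked, so merge the values only.
    $ArrPostAndGet = array_merge(array_values($_POST), array_values($_GET));
    // Start validation
    foreach ($ArrPostAndGet as $key => $value) {
        if (FunStringExist($value, $ArrFiltrate)) {
            // "发现非法字符" = "illegal character found". The value is JSON-encoded with the
            // HEX flags so that echoing it into the script cannot break out of the string.
            $StrMsg = json_encode('发现非法字符' . (is_array($value) ? '' : $value),
                JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_INVALID_UTF8_SUBSTITUTE);
            echo "<script language=\"javascript\">alert(" . $StrMsg . ");window.history.go(-1);</script>";
            if (empty($StrGoUrl)) {
                //echo "<script language=\"javascript\">window.history.go(-1)</script>";
            } else {
                //echo "<script language=\"javascript\">window.location=\"".$StrGoUrl."\";</script>";
            }
            echo "error!";
            exit;
        }
    }

    ?>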




Save the file as checkpostandget.php.
Then add include("checkpostandget.php"); at the top of every PHP file.
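
The filter above rejects any request that contains a listed substring, which also blocks legitimate values such as the name O'Brien, and it inspects only $_GET and $_POST. As an added example (not code from the original page), here is the same protection applied at the query itself with PDO prepared statements; the in-memory SQLite database, the users table and the function names are assumptions made for illustration.

```php
<?php
// Added example, not the site's code. Table, column and function names are hypothetical.
// Assumes the pdo_sqlite extension; an in-memory database keeps it runnable offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO users (name) VALUES (:name)');
// Constructed sample rows; the first contains a quote the blacklist would reject.
foreach (["O'Brien", 'alice', 'bob'] as $name) {
    $insert->execute([':name' => $name]);
}

// The query text is fixed; the value travels separately as a bound parameter,
// so quotes and SQL keywords inside it are never parsed as SQL.
function find_users_by_name(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Numeric parameters: validate the type instead of searching for bad substrings.
function find_user_by_id(PDO $db, $rawId): ?array {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // not a positive integer: reject
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs, as they might arrive in $_GET['name'] and $_GET['id'].
foreach (["O'Brien", "select", "x' OR '1'='1"] as $input) {
    printf("name=%s -> %d row(s)\n", var_export($input, true),
        count(find_users_by_name($db, $input)));
}
foreach (['2', '2 OR 1=1', 'abc'] as $rawId) {
    printf("id=%s -> %s\n", var_export($rawId, true),
        json_encode(find_user_by_id($db, $rawId)));
}
```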

