您的位置主页 > 技术文章 > php+mysql > php 防注入攻击函数

php 防注入攻击函数

2009-05-12    文章来源:互联网    浏览次数:18556

/*php 防注入函数
string  $feifa  限制元素组成
如有非法字符跳转到上一页 返回 0  没有返回 1
*/
//使用方法
//$feifa=array("select","delete","from","update","create","destory","drop","alter","and","or","like","exec","count","*","chr","mid","master","truncate","char","declare",";","-","+");
//$arrpostget=array("http://www.baidu.select cretecomdmin","wangw");
//echo saftsql($feifa,$arrpostget);

function saftsql($feifa,$arrpostget){
// $arrpostget=array_merge((array)$HTTP_PSOT_VARS,(array)$HTTP_GET_VARS);
  if($arrpostget){
         foreach($arrpostget as $key=>$value){
              for($i=0;$i<count($feifa);$i++){
                //找非法字符在$value中的位置
                $flag=strpos($value,$feifa[$i]);              
                if($flag)
                {                    
                 echo "<script type=\"text/javascript\">alert('URL有非法字符');</script>";
                 echo "<script type=\"text/javascript\">history.go(-1);</script>";
                 return 0;
                 exit;
                }else{
                    return 1;
                    }

              }
         }
      return 1;

  }

  • 上一篇:SEO中的DIV CSS样式的命名规则 (1)
  • 下一篇:使用PHP 快速生成Flash 动画

    • 文章评论(查看全部)

    验证码: