sql通用防注入系统

作者:袖梨 2022-06-24

//防注入

 代码如下 复制代码
$arrfiltrate=array("update","delete","selert","drop","exec","cast","'","union");
//出错后要跳转的url,不填则默认前一页
$strgourl="";
//是否存在数组中的值
function funstringexist($strfiltrate,$arrfiltrate){
    foreach ($arrfiltrate as $key=>$value){
        if (eregi($value,$strfiltrate)){
            return true;
        }
    }
return false;
}
//合并$_post 和 $_get
if(function_exists(array_merge)){
    $arrpostandget=array_merge($http_post_vars,$http_get_vars);
}else{
    foreach($http_post_vars as $key=>$value){
        $arrpostandget[]=$value;
    }
    foreach($http_get_vars as $key=>$value){
    $arrpostandget[]=$value;
    }
}
//验证开始
foreach($arrpostandget as $key=>$value){
    if (funstringexist($value,$arrfiltrate)){
        echo " ";
        if (empty($strgourl)){
            echo " ";
        }else{
            echo " ";
        }
        echo "";
        exit();
    }
}
?>

相关文章

精彩推荐