//防注入
代码如下 | 复制代码 |
$arrfiltrate=array("update","delete","selert","drop","exec","cast","'","union"); //出错后要跳转的url,不填则默认前一页 $strgourl=""; //是否存在数组中的值 function funstringexist($strfiltrate,$arrfiltrate){ foreach ($arrfiltrate as $key=>$value){ if (eregi($value,$strfiltrate)){ return true; } } return false; } //合并$_post 和 $_get if(function_exists(array_merge)){ $arrpostandget=array_merge($http_post_vars,$http_get_vars); }else{ foreach($http_post_vars as $key=>$value){ $arrpostandget[]=$value; } foreach($http_get_vars as $key=>$value){ $arrpostandget[]=$value; } } //验证开始 foreach($arrpostandget as $key=>$value){ if (funstringexist($value,$arrfiltrate)){ echo " "; if (empty($strgourl)){ echo " "; }else{ echo " "; } echo ""; exit(); } } ?> |