<?php class sqlsafe {private $getfilter = "'|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";private $postfilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";private $cookiefilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";/*** 構造函數*/public function __construct() {foreach($_GET as $key=>$value){$this->stopattack($key,$value,$this->getfilter);}foreach($_POST as $key=>$value){$this->stopattack($key,$value,$this->postfilter);}foreach($_COOKIE as $key=>$value){$this->stopattack($key,$value,$this->cookiefilter);}}/*** 參數檢查并寫日志*/public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){if(is_array($StrFiltValue))$StrFiltValue = implode($StrFiltValue);if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue) == 1){ $this->writeslog($_SERVER["REMOTE_ADDR"]." ".strftime("%Y-%m-%d %H:%M:%S")." ".$_SERVER["PHP_SELF"]." ".$_SERVER["REQUEST_METHOD"]." ".$StrFiltKey." ".$StrFiltValue);showmsg('您提交的參數非法,系統已記錄您的本次操作！','',0,1);}}/*** SQL注入日志*/public function writeslog($log){$log_path = CACHE_PATH.'logs'.DIRECTORY_SEPARATOR.'sql_log.txt';$ts = fopen($log_path,"a+");fputs($ts,$log."\r\n");fclose($ts);} } ?>

總結

以上是生活随笔為你收集整理的PHP之SQL防注入代码(360提供)的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。