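<?php
/**
 * Request filter: matches $_GET, $_POST and $_COOKIE values against
 * regular-expression blacklists, logs any hit and rejects the request.
 * showmsg() and CACHE_PATH are not defined in this file; the host
 * application must provide them.
 */
class sqlsafe {
    // Pattern applied to $_GET values
    private $getfilter = "'|(and|or)\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
    // Pattern applied to $_POST values
    private $postfilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
    // Pattern applied to $_COOKIE values
    private $cookiefilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";

    // Scan every request parameter as soon as the object is created
    public function __construct() {
        foreach ($_GET as $key => $value) {
            $this->stopattack($key, $value, $this->getfilter);
        }
        foreach ($_POST as $key => $value) {
            $this->stopattack($key, $value, $this->postfilter);
        }
        foreach ($_COOKIE as $key => $value) {
            $this->stopattack($key, $value, $this->cookiefilter);
        }
    }

    // Log and reject the request if the value matches the filter pattern
    public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq) {
        if (is_array($StrFiltValue)) {
            $StrFiltValue = implode('', $StrFiltValue);
        }
        if (preg_match("/" . $ArrFiltReq . "/is", $StrFiltValue) == 1) {
            // date() replaces strftime(), which is deprecated since PHP 8.1
            $this->writeslog($_SERVER["REMOTE_ADDR"] . " " . date("Y-m-d H:i:s") . " " . $_SERVER["PHP_SELF"] . " " . $_SERVER["REQUEST_METHOD"] . " " . $StrFiltKey . " " . $StrFiltValue);
            // Message: "The parameters you submitted are invalid; the system has recorded this operation!"
            showmsg('您提交的參數非法,系統已記錄您的本次操作!', '', 0, 1);
        }
    }

    // Append one line to the SQL injection log
    public function writeslog($log) {
        $log_path = CACHE_PATH . 'logs' . DIRECTORY_SEPARATOR . 'sql_log.txt';
        $ts = fopen($log_path, "a+");
        if ($ts === false) {
            return; // log file could not be opened
        }
        fputs($ts, $log . "\r\n");
        fclose($ts);
    }
}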
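On construction, the class passes every $_GET, $_POST and $_COOKIE parameter to stopattack(), which checks the value against the corresponding filter pattern and, on a match, writes the request to the SQL injection log (sql_log.txt) and rejects it through showmsg(). It is a very useful PHP class library to prevent SQL injection.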
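Pattern filtering of this kind works on the raw request text, so it is best paired with prepared statements in the data layer. The added example below (not part of the downloaded library) runs the class's GET pattern over constructed, legitimate form values and then stores and looks up the same values through a PDO prepared statement. It assumes the pdo_sqlite extension; the table name and sample values are made up for the illustration.

```php
<?php
// Added example: not part of the sqlsafe library.
// Assumes the pdo_sqlite extension; table and sample values are constructed.

// GET pattern copied unchanged from sqlsafe::$getfilter.
$getfilter = "'|(and|or)\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";

// Same test that stopattack() applies to each request value.
function is_flagged(string $value, string $filter): bool
{
    return preg_match("/" . $filter . "/is", $value) === 1;
}

// Constructed, legitimate form values.
$samples = [
    "O'Brien",
    "Select a gift from the catalogue",
    "Nguyen",
];

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// The SQL text is fixed; values travel separately as bound parameters,
// so quotes and keywords inside them are never parsed as SQL.
$insert = $pdo->prepare('INSERT INTO notes (body) VALUES (:body)');
$lookup = $pdo->prepare('SELECT COUNT(*) FROM notes WHERE body = :body');

foreach ($samples as $value) {
    $insert->execute([':body' => $value]);
    $lookup->execute([':body' => $value]);
    $found = (int) $lookup->fetchColumn();

    printf(
        "%-34s filter: %-8s prepared statement rows found: %d\n",
        $value,
        is_flagged($value, $getfilter) ? 'rejected' : 'passed',
        $found
    );
}
```

The first two values are ordinary text that the pattern rejects because of an apostrophe and the words "select ... from"; the prepared statement stores and retrieves all three unchanged.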