PHP class library to prevent SQL injection
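<?php
// Request filter: when instantiated, scans every GET, POST and COOKIE value
// against a keyword blocklist. showmsg() and CACHE_PATH are not defined here
// and must be provided by the host application.
class sqlsafe {
  // One regex per input source; the GET filter also rejects any single quote.
  private $getfilter = "'|(and|or)\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
  private $postfilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
  private $cookiefilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
  // Check every request parameter as soon as the object is created.
  public function __construct() {
    foreach($_GET as $key=>$value){$this->stopattack($key,$value,$this->getfilter);}
    foreach($_POST as $key=>$value){$this->stopattack($key,$value,$this->postfilter);}
    foreach($_COOKIE as $key=>$value){$this->stopattack($key,$value,$this->cookiefilter);}
  }
  // Log the request and show an error message if the value matches the filter.
  public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){
    // Flatten array parameters, including nested ones, into one string before matching.
    if(is_array($StrFiltValue)){
      $flat = '';
      array_walk_recursive($StrFiltValue, function($v) use (&$flat){ $flat .= $v; });
      $StrFiltValue = $flat;
    }
    if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue) == 1){
      // date() replaces strftime(), which is deprecated since PHP 8.1; the format is unchanged.
      $this->writeslog($_SERVER["REMOTE_ADDR"]."    ".date("Y-m-d H:i:s")."    ".$_SERVER["PHP_SELF"]."    ".$_SERVER["REQUEST_METHOD"]."    ".$StrFiltKey."    ".$StrFiltValue);
      // Message: "The parameters you submitted are invalid; the system has logged this operation!"
      showmsg('您提交的参数非法,系统已记录您的本次操作!','',0,1);
    }
  }
  // Append one entry to the SQL injection log.
  public function writeslog($log){
    $log_path = CACHE_PATH.'logs'.DIRECTORY_SEPARATOR.'sql_log.txt';
    // Strip CR/LF so a logged value cannot break the one-entry-per-line format.
    $log = str_replace(array("\r","\n"), ' ', $log);
    $ts = fopen($log_path,"a+");
    if($ts === false) return; // log directory missing or not writable
    fputs($ts,$log."\r\n");
    fclose($ts);
  }
}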

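When the class is instantiated, its constructor passes every GET, POST and COOKIE parameter to stopattack(), which checks the value against the filter for that source. On a match it writes the client address, time, script, request method, parameter name and value to the SQL injection log and shows an error message; the log can then be reviewed for injection attempts. It is a very useful PHP class library to prevent SQL injection.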
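Added example, not part of the library above: it runs the library's own GET filter over constructed, harmless inputs to show the false positives a keyword blocklist produces, then stores the same values through a PDO prepared statement, which binds each value as data rather than SQL text. The notes table, the sample strings, the filter_blocks() helper and the in-memory SQLite database (requires the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
// Added example; not part of the sqlsafe library.
// $getfilter is copied verbatim from the class above.
$getfilter = "'|(and|or)\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";

// Hypothetical helper: the same test stopattack() applies to each request value.
function filter_blocks(string $value, string $filter): bool {
    return preg_match("/" . $filter . "/is", $value) === 1;
}

// Constructed sample inputs: ordinary text a user might legitimately submit.
$samples = [
    "O'Brien",
    "Select a gift from our catalog",
    "Rock and roll is in fashion",
    "blue widget",
];

// Hypothetical table in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

// The SQL text is fixed; user input only ever travels as a bound parameter.
$insert = $db->prepare('INSERT INTO notes (body) VALUES (:body)');
$select = $db->prepare('SELECT COUNT(*) FROM notes WHERE body = :body');

foreach ($samples as $s) {
    $insert->execute([':body' => $s]);
    $select->execute([':body' => $s]);
    $stored = ((int) $select->fetchColumn() === 1);
    printf(
        "%-32s filter: %-8s stored intact: %s\n",
        $s,
        filter_blocks($s, $getfilter) ? 'BLOCKED' : 'allowed',
        $stored ? 'yes' : 'no'
    );
}
```

The filter rejects the first three samples although they are harmless, while the prepared statement stores all four unchanged.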

