时时商务社区

Title: Simple PHP anti-injection code

Author: xgnic    Time: 2018-2-18 04:50

<?php
/**********************
Powered by Lovegn(http://www.mycodes.net)
Written On 2010.3.12
*************************/
// Illegal characters to filter
$ArrFilter = array("'", ";", "union");  // Sensitive characters and strings; define your own as needed
// URL to redirect to on error; if left empty, defaults to the previous page
$StrGoUrl = "";

// Does the string contain any value from the array?
function DangerStringExist($StrFilter, $ArrFilter) {
    foreach ($ArrFilter as $key => $value) {
        // Case-insensitive substring match
        if (stripos($StrFilter, $value) !== false) {
            return true;
        }
    }
    return false;
}

// Merge $_POST, $_GET and $_COOKIE
if (function_exists('array_merge')) {
    // array_values() keeps same-named keys from different sources from overwriting each other
    $ArrGPC = array_merge(array_values($_POST), array_values($_GET), array_values($_COOKIE));
} else {
    $ArrGPC = array();
    foreach ($_POST as $key => $value) {
        $ArrGPC[] = $value;
    }
    foreach ($_GET as $key => $value) {
        $ArrGPC[] = $value;
    }
    foreach ($_COOKIE as $key => $value) {
        $ArrGPC[] = $value;
    }
}

foreach ($ArrGPC as $key => $value) {
    if (DangerStringExist($value, $ArrFilter)) {
        echo "";
        if (empty($StrGoUrl)) {
            echo "";
        } else {
            echo "";
        }
        exit;
    }
}
?>
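A simple anti-injection script for GPC injection. Save the code above as GPC_sql.php, then include it at the top of any file you want to protect and it will work.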
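An added example, not part of the original post: the same denylist check run next to a parameterized PDO query, to show which inputs the string filter passes or rejects and how a bound parameter treats each one as data only. The in-memory SQLite table, the `findById` helper and the sample request values are constructed for illustration and assume the `pdo_sqlite` extension is available.

```php
<?php
// Added example (not from the original post). Table, helper and sample values are constructed.
$ArrFilter = array("'", ";", "union");

// Same check as GPC_sql.php: case-insensitive substring match against the denylist.
function DangerStringExist($StrFilter, $ArrFilter) {
    foreach ($ArrFilter as $value) {
        if (stripos($StrFilter, $value) !== false) {
            return true;
        }
    }
    return false;
}

// Constructed in-memory database so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Hypothetical lookup helper: the value is bound as data and never
// becomes part of the SQL text, whatever characters it contains.
function findById(PDO $db, $id) {
    $stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->execute(array(':id' => $id));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed request values: a normal id, a legitimate name containing an
// apostrophe, and a numeric-context value with none of the filtered strings.
$samples = array('2', "O'Brien", '2 OR 1=1');

foreach ($samples as $input) {
    $blocked = DangerStringExist($input, $ArrFilter);
    $rows = findById($db, $input);
    printf(
        "%-10s denylist=%-5s bound-query rows=%d\n",
        $input,
        $blocked ? 'block' : 'pass',
        count($rows)
    );
}
```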




