/**********************
Powered by Lovegn(http://www.mycodes.net)
Written On 2010.3.12
*************************/
//要过滤的非法字符$ArrFilter=array(“‘”,”;”,”union”); //敏感字符和字符串,可自行定义//出错后要跳转的url,不填则默认前一页$StrGoUrl=”";//是否存在数组中的值function DangerStringExist($StrFilter,$ArrFilter){foreach ($ArrFilter as $key=>$value){if (eregi($value,$StrFilter)){return true;}}return false;}//合并$_POST $_GET 和 $_COOKIEif(function_exists(array_merge)){$ArrGPC=array_merge($_POST,$_GET,$_COOKIE);}else{foreach($_POST as $key=>$value){$ArrGPC[]=$value;}foreach($_GET as $key=>$value){$ArrGPC[]=$value;}foreach($_COOKIE as $key=>$value){$ArrGPC[]=$value;}}foreach($ArrGPC as $key=>$value){if(DangerStringExist($value,$ArrFilter)){echo “”;if (empty($StrGoUrl)){echo “”;}else{echo “”;}exit;}}?>
$ArrFilter=array(“‘”,”;”,”union”); //敏感字符和字符串,可自行定义//出错后要跳转的url,不填则默认前一页$StrGoUrl=”";//是否存在数组中的值function DangerStringExist($StrFilter,$ArrFilter){foreach ($ArrFilter as $key=>$value){if (eregi($value,$StrFilter)){return true;}}return false;}//合并$_POST , $_GET 和 $_COOKIEif(function_exists(array_merge)){$ArrGPC=array_merge($_POST,$_GET,$_COOKIE);}else{foreach($_POST as $key=>$value){$ArrGPC[]=$value;}foreach($_GET as $key=>$value){$ArrGPC[]=$value; }foreach($_COOKIE as $key=>$value){$ArrGPC[]=$value; }}foreach($ArrGPC as $key=>$value){if(DangerStringExist($value,$ArrFilter)){echo “”;if (empty($StrGoUrl)){echo “”;}else{echo “”; }exit;}}?>
针对GPC的注入的简单防注入代码,将上面代码保存为GPC_sql.php,然后在你想保护得文件中头部inlcude即可工作。