今天做完了整个php项目,想来安全问题不少,开发程序的过程中无心过滤参数。所以注入少不了,才有了下面的防注入程序.
代码如下:
- function jk1986_checksql()
- {
- $bad_str = "and|select|update|'|delete|insert|*";
- $bad_Array = explode("|",$bad_str);
- /** 过滤Get参数 **/
- foreach ($bad_Array as $bad_a)
- {
- foreach ($_GET as $g)
- {
- if (substr_count(strtolower($g),$bad_a) > 0)
- {
- echo "<script>alert('诡异字符,请不要尝试注入本站! 作者:Jk1986 QQ:414028660');location.href='index.php';</script>";
- exit();
- }
- }
- }
- /** 过滤Post参数 **/
- foreach ($bad_Array as $bad_a)
- {
- foreach ($_POST as $p)
- {
- if (substr_count(strtolower($p),$bad_a) > 0)
- {
- echo "<script>alert('诡异字符,请不要尝试注入本站! 作者:Jk1986 QQ:414028660');location.href='index.php';</script>";
- exit();
- }
- }
- }
- /** 过滤Cookies参数 **/
- foreach ($bad_Array as $bad_a)
- {
- foreach ($_COOKIE as $co)
- {
- if (substr_count(strtolower($co),$bad_a) > 0)
- {
- echo "<script>alert('诡异字符,请不要尝试注入本站! 作者:Jk1986 QQ:414028660');location.href='index.php';</script>";
- exit();
- }
- }
- }
- }
复制代码
|