sql注入

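/**
 * Neutralise common XSS payloads in a string before it is echoed into HTML.
 *
 * Three passes, in order:
 *  1. strip control characters that browsers ignore, so a split name such as
 *     "java\0script" cannot re-join;
 *  2. turn HTML numeric entities (decimal or hex, zero-padded, optional ';')
 *     for every printable ASCII character back into the character itself, so
 *     "&#106;avascript" becomes "javascript" and can be caught by pass 3;
 *  3. break every listed tag / event-handler name by inserting "<x>" after
 *     its second character ("script" -> "sc<x>ript"), even when its letters
 *     are separated by encoded TAB/LF/CR entities. This pass repeats until a
 *     full round over the list changes nothing.
 *
 * This is a blacklist: it only defangs the names listed below and is not a
 * substitute for context-aware output escaping (htmlspecialchars() for HTML
 * text and attribute values). Treat it as defence in depth.
 *
 * Fixes relative to the earlier version: the control-character class no
 * longer contains literal commas (which silently deleted every ',' from the
 * input); the encoded-whitespace gap matches &#10; and &#13; as numbers
 * instead of the single characters '1','0','3','|'; hex CR (&#xd;) is
 * accepted in the gap; and the "repeat until stable" loop really checks the
 * whole round instead of stopping after the first non-matching name.
 *
 * @param string $val untrusted input
 * @return string the input with recognised payloads defanged
 */
function RemoveXSS(string $val): string
{
    // Drop non-printable control characters except TAB (\x09), LF (\x0a) and
    // CR (\x0d), which are legitimate in text and handled by the gap pattern
    // below. No commas in the class: ',' is ordinary text.
    $val = preg_replace('/[\x00-\x08\x0b\x0c\x0e-\x1f]/', '', $val);

    // Every printable ASCII character whose numeric entity form should be
    // folded back to the literal character.
    $search = 'abcdefghijklmnopqrstuvwxyz';
    $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $search .= '1234567890!@#$%^&*()';
    $search .= '~`";:?+/={}[]-_|\'\\';
    $searchLen = strlen($search);
    for ($i = 0; $i < $searchLen; $i++) {
        $ch = $search[$i];
        // 0{0,8} tolerates zero padding, ;? makes the terminator optional.
        // Hex form, e.g. &#x6A; or &#X006a (case-insensitive).
        $val = preg_replace('/(&#[xX]0{0,8}' . dechex(ord($ch)) . ';?)/i', $ch, $val);
        // Decimal form, e.g. &#106; or &#0000106.
        $val = preg_replace('/(&#0{0,8}' . ord($ch) . ';?)/', $ch, $val);
    }

    // Tag names and event-handler attribute names to defang.
    $ra1 = [
        'javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script',
        'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base',
    ];
    $ra2 = [
        'onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy',
        'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint',
        'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick',
        'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged',
        'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter',
        'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange',
        'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup',
        'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave',
        'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend',
        'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize',
        'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted',
        'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit',
        'onunload',
    ];
    $ra = array_merge($ra1, $ra2);

    // Between two letters of a name, allow any run of encoded whitespace that
    // pass 1 could not remove: hex &#x9; &#xa; &#xb; &#xd; or decimal
    // &#9; &#10; &#13;, each with optional zero padding.
    $gap = '(?:&#[xX]0{0,8}[9abd];|&#0{0,8}(?:9|10|13);)*';

    do {
        $before = $val;
        foreach ($ra as $name) {
            // Names are alphanumeric, so no preg_quote() is needed to build
            // /j(gap)a(gap)v.../i.
            $pattern = '/' . implode($gap, str_split($name)) . '/i';
            // Insert "<x>" after the second character to break the name; the
            // replacement takes the list's lowercase spelling, as before.
            $replacement = substr($name, 0, 2) . '<x>' . substr($name, 2);
            $val = preg_replace($pattern, $replacement, $val);
        }
    } while ($before !== $val); // a full round with no change means we are done

    return $val;
}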

心晴 2015/5/18 17:56:16
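/**
 * Escape a value for interpolation into a *quoted* MySQL string literal.
 *
 * The earlier version depended on get_magic_quotes_gpc() (removed in PHP 8.0)
 * and mysql_real_escape_string() (ext/mysql, removed in PHP 7.0), so it
 * fatals on any supported PHP. Correct escaping also depends on the
 * connection's character set, which is why a mysqli link is now required to
 * escape non-numeric input; without one the function fails closed rather
 * than returning an unescaped value.
 *
 * Numeric input is returned unchanged, as before. Escaping only protects a
 * value that the caller wraps in quotes; an unquoted "WHERE id = $x" gains
 * nothing from this function. Prefer prepared statements with bound
 * parameters (mysqli_prepare() / PDO::prepare()), which make this helper
 * unnecessary.
 *
 * @param int|float|string|null $value untrusted input
 * @param mysqli|null $link open connection whose charset governs escaping
 * @return int|float|string the value, escaped if it was non-numeric
 * @throws RuntimeException when a non-numeric value is given without a link
 */
function check_input(int|float|string|null $value, ?mysqli $link = null): int|float|string
{
    // Numbers pass through untouched (original behaviour).
    if (is_numeric($value)) {
        return $value;
    }

    // A correct escape needs the connection charset; never pretend the value
    // is safe when we cannot produce one.
    if ($link === null) {
        throw new RuntimeException(
            'check_input(): a mysqli connection is required to escape non-numeric input; use prepared statements instead'
        );
    }

    return $link->real_escape_string((string) $value);
}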

 
