PHP反SQL注入的函数！

ctgwglzc

function log_attack($type, $query) //Created By Heretic
{
$agent = $_SERVER['HTTP_USER_AGENT'];
$uri = $_SERVER['REQUEST_URI'];
$ip = $_SERVER['REMOTE_ADDR'];
$ref = $_SERVER['HTTP_REFERER'];
$dtime = date('r');
if($ref == ""){
$ref = "None";
}
if($user == ""){
$user = "None";
}
$location = "security/";
$type = $location . $type . ".html";
$entry_line = "$dtime - IP: $ip | Agent: $agent | URL: $uri | Referrer: $ref | Query : $query <BR>\n";
$fp = fopen("$type", "a");
fputs($fp, $entry_line);
fclose($fp);
}
function test($string)
{
$string2 = preg_replace( '/[^A-Za-z0-9@\.\-_\+ ]*/', '', $string );
$string2= strip_tags($string2);
if (($string) <> ($string2)){
log_attack('sql_attack', $string);
}
return $string2;
}

复制代码

talkweb · 2009-9-24 18:56:29

我有.NET的反SQL注入

#region 输入用户名和密码时进行处理，清除SQL注入式攻击(来自Microsoft)
/// <summary>
/// 输入用户名和密码时进行处理，清除SQL注入式攻击(来自Microsoft)
/// </summary>
/// <param name="inputString">输入值</param>
/// <param name="maxLength">取输入值的多长</param>
/// <returns>处理后的值</returns>
public static string InputText(string inputString, int maxLength)
{
StringBuilder retVal = new StringBuilder();

if ((inputString != null) && (inputString != String.Empty))
{
inputString = inputString.Trim();
if (inputString.Length > maxLength)
inputString = inputString.Substring(0, maxLength);
for (int i = 0; i < inputString.Length; i++)
{
switch (inputString[i])
{
case '"':
retVal.Append(""");
break;
case '<':
retVal.Append("<");
break;
case '>':
retVal.Append(">");
break;
default:
retVal.Append(inputString[i]);
break;
}
}

retVal.Replace("'", " ");
}
String sRetrun =retVal.ToString();
sRetrun=sRetrun.Replace("--","");
return sRetrun.ToString().Trim();
}
#endregion

ww34856950 · 2009-9-25 13:04:24

我还是看不懂

ww34856950 · 2009-9-25 13:04:35

能说的清楚一点有什么用吗

账号		自动登录	找回密码
密码			加入

PHP反SQL注入的函数！

相关帖子

3 回复

浏览过的版块

ctgwglzc