<?php
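/**
 * Request filter that matches GET, POST and COOKIE values against keyword
 * blacklists and blocks the request on a hit.
 *
 * This is a defence-in-depth layer only. Keyword blacklists produce false
 * positives (the GET pattern rejects any value containing a single quote) and
 * can be missed by encodings the patterns do not anticipate, so every query
 * that touches request data must still use prepared statements with bound
 * parameters.
 *
 * Only parameter values are matched; parameter names are logged but not
 * inspected.
 */
class Sqlsafe {
    // The patterns are wrapped as /.../is by stopattack(), so matching is
    // case-insensitive and "." also matches newlines.
    private $getfilter = "'|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bexec\\b|union.+?select|update.+?set|insert\\s+into.+?values|(select|delete).+?from|(create|alter|drop|truncate)\\s+(table|database)";
    private $postfilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bexec\\b|union.+?select|update.+?set|insert\\s+into.+?values|(select|delete).+?from|(create|alter|drop|truncate)\\s+(table|database)";
    private $cookiefilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bexec\\b|union.+?select|update.+?set|insert\\s+into.+?values|(select|delete).+?from|(create|alter|drop|truncate)\\s+(table|database)";

    /**
     * Runs every GET, POST and COOKIE parameter through its filter as soon as
     * the object is created.
     */
    public function __construct() {
        foreach ($_GET as $key => $value) {
            $this->stopattack($key, $value, $this->getfilter);
        }
        foreach ($_POST as $key => $value) {
            $this->stopattack($key, $value, $this->postfilter);
        }
        foreach ($_COOKIE as $key => $value) {
            $this->stopattack($key, $value, $this->cookiefilter);
        }
    }

    /**
     * Checks one parameter against a filter; on a match the request is logged
     * and the project's showmsg() is called.
     *
     * @param string $StrFiltKey   Parameter name (logged only).
     * @param mixed  $StrFiltValue Parameter value; arrays are flattened first.
     * @param string $ArrFiltReq   Regex body without delimiters or flags.
     */
    public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq) {
        // implode() on a nested array (a[][]=...) yields the literal text
        // "Array" and the real values are never inspected, so flatten
        // recursively instead.
        $candidate = $this->flattenValue($StrFiltValue);

        $verdict = preg_match("/" . $ArrFiltReq . "/is", $candidate);
        if ($verdict === false) {
            // A PCRE failure (for example the backtrack limit on a very long
            // value) means the value was NOT inspected. Surface it so the gap
            // is visible to operators instead of passing silently.
            error_log('Sqlsafe: preg_match failed, PCRE error code ' . preg_last_error());
            return;
        }
        if ($verdict === 1) {
            $this->writeslog(
                ($_SERVER['REMOTE_ADDR'] ?? '') . " "
                . date('Y-m-d H:i:s') . " "
                . ($_SERVER['PHP_SELF'] ?? '') . " "
                . ($_SERVER['REQUEST_METHOD'] ?? '') . " "
                . $StrFiltKey . " "
                . $candidate
            );
            // showmsg() is defined elsewhere in the project.
            showmsg('The parameter you submitted is illegal, the system has logged your operation!', '', 0, 1);
        }
    }

    /**
     * Appends one entry to the SQL-injection log.
     *
     * The entry carries request-controlled text, so control characters and
     * backslashes are escaped: an embedded CR/LF cannot forge extra log lines,
     * and the original bytes stay recoverable for investigation.
     *
     * @param string $log Entry text without a line terminator.
     */
    public function writeslog($log) {
        // CACHE_PATH is a project constant defined elsewhere. The path casing
        // was restored from a garbled listing - confirm it against the
        // deployment, and keep this directory outside the web root so logged
        // payloads are never served back to a browser.
        $log_path = CACHE_PATH . 'logs' . DIRECTORY_SEPARATOR . 'sql_log.txt';
        $entry = addcslashes((string) $log, "\0..\37\177\\") . "\r\n";

        // LOCK_EX keeps concurrent requests from interleaving entries.
        if (file_put_contents($log_path, $entry, FILE_APPEND | LOCK_EX) === false) {
            error_log('Sqlsafe: unable to write to ' . $log_path);
        }
    }

    /**
     * Concatenates every scalar leaf of a (possibly nested) value into one
     * string, with no separator, as implode() does for a flat array.
     */
    private function flattenValue($value) {
        if (!is_array($value)) {
            return (string) $value;
        }
        $joined = '';
        array_walk_recursive($value, function ($leaf) use (&$joined) {
            $joined .= (string) $leaf;
        });
        return $joined;
    }
}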
?>