The website finally went live and was scanned with the 360 Website Security Scan tool:
The main findings were XSS and SQL injection vulnerabilities:
The SQL injection vulnerability was mainly caused by an integer variable that was used without any filtering.
Filter it by casting the value to an integer: $xxx = intval($xxx);
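As an added example, not code from the original post: the intval() fix for the integer parameter carried one step further, so that the id is both validated as a plain integer and bound as a PDO prepared-statement parameter instead of being concatenated into the query text. The articles table, its columns, the function names and the in-memory SQLite database are assumptions made for the demonstration.

```php
<?php
// Added example (not from the original post). Table, columns and function
// names are assumptions; SQLite in-memory is used so it runs offline.

// Returns the id as an int, or null when the raw input is not a plain integer.
// intval() alone would silently turn "1 OR 1=1" into 1; the ctype check
// rejects such input instead of guessing.
function clean_id($raw) {
    $raw = trim((string)$raw);
    if ($raw === '' || !ctype_digit($raw)) return null;
    return intval($raw);
}

// Looks up one article by id. The value is bound as a parameter,
// so it never becomes part of the SQL string.
function fetch_article(PDO $db, $raw_id) {
    $id = clean_id($raw_id);
    if ($id === null) return null;                 // reject instead of guessing
    $stmt = $db->prepare('SELECT id, title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO articles VALUES (1, 'hello'), (2, 'world')");

// Constructed inputs: two valid ids and three values a scanner would send.
foreach (['2', ' 1 ', '1 OR 1=1', "1'", ''] as $input) {
    $row = fetch_article($db, $input);
    printf("%-12s => %s\n", var_export($input, true), $row ? $row['title'] : 'rejected');
}
?>
```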
The XSS vulnerability mainly involves input variables that were not filtered. I used an open-source filtering method for it (with some modifications of my own where I ran into problems):
The reprinted code is as follows:
<?php
// Data filtering
// Parameter: $str
function dfilter($str) {
    if (strlen($str) == 0) return $str;
    $str = htmlspecialchars($str);              // escape HTML special characters
    // $str = addslashes($str);                 // add escaping (disabled)
    $str = str_replace("%", "\\%", $str);       // escape '%'
    // $str = nl2br($str);                      // convert line breaks (disabled)
    // Break up some dangerous characters/keywords: \', select, from, where, insert,
    // update, delete, union, into, count, load_file, outfile, drop.
    // Note: str_replace is case-sensitive, and a keyword blacklist only adds a
    // layer; it is not a substitute for prepared statements.
    $str = str_replace("\\'", "", $str);
    $str = str_replace("select", "s_e_l_e_c_t", $str);
    $str = str_replace("from", "f_r_o_m", $str);
    $str = str_replace("where", "w_h_e_r_e", $str);
    $str = str_replace("insert", "i_n_s_e_r_t", $str);
    $str = str_replace("update", "u_p_d_a_t_e", $str);
    $str = str_replace("delete", "d_e_l_e_t_e", $str);
    $str = str_replace("union", "u_n_i_o_n", $str);
    $str = str_replace("into", "i_n_t_o", $str);
    $str = str_replace("count", "c_o_u_n_t", $str);
    $str = str_replace("load_file", "l_o_a_d_f_i_l_e", $str);
    $str = str_replace("outfile", "o_u_t_f_i_l_e", $str);
    $str = str_replace("drop", "d_r_o_p", $str);
    // These tag replacements run after htmlspecialchars(), so they only take
    // effect if the escaping above is removed.
    $str = str_replace("<script>", "s_c_r_i_p_t", $str);
    $str = str_replace("</script>", "s_c_r_i_p_t", $str);
    $str = preg_replace("@<script(.*?)</script>@is", "", $str);
    $str = preg_replace("@<iframe(.*?)</iframe>@is", "", $str);
    $str = preg_replace("@<style(.*?)</style>@is", "", $str);
    // echo $str;
    return $str;
}

// Get a parameter
// Parameters: $pname = the raw parameter value, $ptype = expected type ('str', 'int' or 'float')
function param($pname, $ptype = 'str') {
    if ($pname == '') return $ptype == 'str' ? '' : -1;
    $strparam = trim($pname);
    $strparam = dfilter($strparam);             // filter the parameter
    // Check the parameter type
    if ($ptype == "int") {                       // an integer is required
        return is_numeric($strparam) ? (int)$strparam : -1;
    }
    if ($ptype == "float") {                     // a float is required
        return is_numeric($strparam) ? (float)$strparam : -1;
    }
    return $strparam;                            // 'str': return the filtered string
}

// Neutralise XSS keywords
function RemoveXSS($val) {
    // Remove all non-printable characters. TAB (09), LF (0a) and CR (0d) are allowed.
    // This prevents character re-spacing such as <java\0script>.
    // Splits with \n, \r and \t still have to be handled later, since they *are* allowed here.
    $val = preg_replace('/[\x00-\x08\x0b\x0c\x0e-\x19]/', '', $val);

    // Straight replacements: decode numeric entities for ordinary characters, which a
    // user should never need to encode. This prevents things like <IMG SRC=&#106;avascript:...>.
    $search = 'abcdefghijklmnopqrstuvwxyz';
    $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $search .= '1234567890!@#$%^&*()';
    $search .= '~`";:?+/={}[]-_|\'\\';
    for ($i = 0; $i < strlen($search); $i++) {
        // ;? matches the trailing ';', which is optional
        // 0{0,8} matches any padded zeros, which are optional, up to 8 of them
        // hex form, e.g. &#x6A; or &#X006a
        $val = preg_replace('/(&#[xX]0{0,8}' . dechex(ord($search[$i])) . ';?)/i', $search[$i], $val);
        // decimal form, e.g. &#106; or &#0000106
        $val = preg_replace('/(&#0{0,8}' . ord($search[$i]) . ';?)/', $search[$i], $val);
    }

    // Now the only remaining whitespace attacks are \t, \n and \r
    $ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', /* 'xml', 'blink', 'link', 'style', */
                 'script', /* 'embed', */ 'object', 'iframe', 'frame', 'frameset', 'ilayer', /* 'layer', */
                 'bgsound', 'title', 'base', 'behaviour');
    $ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy',
                 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint',
                 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick',
                 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged',
                 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter',
                 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange',
                 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup',
                 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave',
                 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend',
                 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize',
                 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted',
                 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit',
                 'onunload');
    $ra = array_merge($ra1, $ra2);

    for ($i = 0; $i < count($ra); $i++) {
        // Build a pattern that matches the keyword even when entity-encoded
        // tab/LF/CR (hex 9, a, d or decimal 9, 10, 13) are stuffed between its letters
        $pattern = '/';
        for ($j = 0; $j < strlen($ra[$i]); $j++) {
            if ($j > 0) {
                $pattern .= '((&#[xX]0{0,8}[9ad];)|(&#0{0,8}(9|10|13);))*';
            }
            $pattern .= $ra[$i][$j];
        }
        $pattern .= '/i';
        // Insert a marker after the second letter to nerf the keyword,
        // e.g. 'javascript' becomes 'ja[notallow]vascript'
        $replacement = substr($ra[$i], 0, 2) . '[notallow]' . substr($ra[$i], 2);
        $val = preg_replace($pattern, $replacement, $val);
    }
    return $val;
}
?>
I won't go into the specific usage; have a look at the code ~~~