PHP Security filtering code (360 high security factor)
/**
- * Filter dangerous parameters
- * Edit: bbs.it-home.org
- */
- // Code By Safe3
- Function customError ($ errno, $ errstr, $ errfile, $ errline)
- {
- Echo"Error number:[$ Errno], error on line $ errline in $ errfile
";
- Die ();
- }
- Set_error_handler ("customError", E_ERROR );
- $ Getfilter = "'| (and | or) \ B. +? (>|<|=| In | like) |\/\\ *. +? \ * \/| <\ S * script \ B | \ bEXEC \ B | UNION. +? SELECT | UPDATE. +? SET | INSERT \ s + INTO. +? VALUES | (SELECT | DELETE). +? FROM | (CREATE | ALTER | DROP | TRUNCATE) \ s + (TABLE | DATABASE )";
- $ Postfilter = "\ B (and | or) \ B. {1, 6 }? (=|>|<|\\ Bin \ B |\\ blike \ B) |\\/ \\ *. +? \ * \/| <\ S * script \ B | \ bEXEC \ B | UNION. +? SELECT | UPDATE. +? SET | INSERT \ s + INTO. +? VALUES | (SELECT | DELETE). +? FROM | (CREATE | ALTER | DROP | TRUNCATE) \ s + (TABLE | DATABASE )";
- $ Cookiefilter = "\ B (and | or) \ B. {1, 6 }? (=|>|<|\\ Bin \ B |\\ blike \ B) |\\/ \\ *. +? \ * \/| <\ S * script \ B | \ bEXEC \ B | UNION. +? SELECT | UPDATE. +? SET | INSERT \ s + INTO. +? VALUES | (SELECT | DELETE). +? FROM | (CREATE | ALTER | DROP | TRUNCATE) \ s + (TABLE | DATABASE )";
- Function StopAttack ($ StrFiltKey, $ StrFiltValue, $ ArrFiltReq ){
If (is_array ($ StrFiltValue ))
- {
- $ StrFiltValue = implode ($ StrFiltValue );
- }
- If (preg_match ("/". $ ArrFiltReq. "/is", $ StrFiltValue) = 1 ){
- // Slog ("
Operation IP address: ". $ _ SERVER [" REMOTE_ADDR "]." Operation Time: ". strftime (" % Y-% m-% d % H: % M: % S ")." Operation page: ". $ _ SERVER [" PHP_SELF "]." Submission method: ". $ _ SERVER [" REQUEST_METHOD "]." Parameter submitted: ". $ StrFiltKey ." Submit data: ". $ StrFiltValue );
- Print "360 websec notice: Illegal operation! ";
- Exit ();
- }
- }
- // $ ArrPGC = array_merge ($ _ GET, $ _ POST, $ _ COOKIE );
- Foreach ($ _ GET as $ key => $ value ){
- StopAttack ($ key, $ value, $ getfilter );
- } // Bbs.it-home.org
- Foreach ($ _ POST as $ key => $ value ){
- StopAttack ($ key, $ value, $ postfilter );
- }
- Foreach ($ _ COOKIE as $ key => $ value ){
- StopAttack ($ key, $ value, $ cookiefilter );
- }
- If (file_exists ('update360. php ')){
- Echo "please rename the file update360.php to prevent hackers from using
";
- Die ();
- }
- Function slog ($ logs)
- {
- $ Toppath = $ _ SERVER ["DOCUMENT_ROOT"]. "/log.htm ";
- $ Ts = fopen ($ toppath, "a + ");
- Fputs ($ Ts, $ logs. "\ r \ n ");
- Fclose ($ Ts );
- }
- ?>
Articles you may be interested in: PHP filters post and get sensitive data instance codes. php filters illegal and special strings. php protects against injection of a piece of code (filter parameters) php regular-expression-based filtering of html tags, spaces, line breaks, and other code examples php provides a very useful method for filtering IP blacklist and whitelist. php prevents SQL injection vulnerability filtering function code php uses the filter function input. verify php to prevent SQL injection and regular expression filtering: a php filter of dangerous html code |