A PHP full-site anti-injection program. This is an anti-injection program that combines PHP-side and SQL-side filtering: on the PHP side it filters the GET, POST, COOKIE and FILES superglobals; on the SQL side it checks incoming parameters for query keywords such as DELETE and UPDATE and rejects any parameter that contains them.
General idea of an SQL injection attack:
· find the SQL injection point;
· identify the back-end database type;
· determine whether xp_cmdshell can be executed (SQL Server);
· find the web virtual directory;
· upload an ASP, PHP or JSP web shell (Trojan);
· obtain administrator privileges.
// PHP full-site anti-injection program; require_once it from the site's common include file
// Check the magic_quotes_gpc setting so that input is escaped exactly once
The code is as follows:

<?php
// Only add slashes ourselves when PHP has not already done so (magic_quotes_gpc off);
// escaping a second time would double the backslashes. magic_quotes_gpc was removed in
// PHP 5.4 and get_magic_quotes_gpc() in PHP 8.0, so the function_exists() guard keeps this
// include loading on current versions, where the escaping below always runs.
if (!function_exists('get_magic_quotes_gpc') || !@get_magic_quotes_gpc()) {
    $_GET    = sec($_GET);
    $_POST   = sec($_POST);
    $_COOKIE = sec($_COOKIE);
    $_FILES  = sec($_FILES);
}
$_SERVER = sec($_SERVER);

function sec(&$array) {
    // Arrays are walked recursively so nested parameters are escaped too
    if (is_array($array)) {
        foreach ($array as $k => $v) {
            $array[$k] = sec($v);
        }
    } else if (is_string($array)) {
        // Backslash-escape single quote, double quote, backslash and NUL
        $array = addslashes($array);
    } else if (is_numeric($array)) {
        // Only reached for genuine int/float values; request data always arrives as strings
        $array = intval($array);
    }
    return $array;
}

Note that addslashes() only protects a value that ends up inside a quoted SQL string literal. An unquoted numeric parameter such as WHERE id = $id gets no protection from it, which is why the integer check below exists, and it is not safe with multibyte connection character sets such as GBK, where the escaping backslash can be swallowed into a multibyte character.
1. Integer parameter check
When the input parameter YY is an integer, the SQL statement in abc.asp is generally of the form
SELECT * FROM tablename WHERE field = YY, so the following three requests test whether SQL injection exists:
① http://xxx.xxx.xxx/abc.asp?p=YY' (a single quotation mark appended): the SQL statement in abc.asp becomes
SELECT * FROM tablename WHERE field = YY' and abc.asp reports an error;
② http://xxx.xxx.xxx/abc.asp?p=YY and 1=1: abc.asp runs normally and returns the same result as http://xxx.xxx.xxx/abc.asp?p=YY;
③ http://xxx.xxx.xxx/abc.asp?p=YY and 1=2: abc.asp behaves abnormally (an error, or an empty or different result).
If all three conditions hold, abc.asp has an SQL injection vulnerability.
Based on the above, we write an integer filter function, together with the string, search and form filters that share the same inject_check() helper (defined further below).
The code is as follows:

<?php
// Integer parameter filter
function num_check($id) {
    if ($id === null || $id === '') {    // empty check (a literal 0 is a valid id)
        die('Parameter cannot be empty!');
    } else if (inject_check($id)) {      // injection keyword check
        die('Invalid parameter');
    } else if (!is_numeric($id)) {       // must be numeric
        die('Invalid parameter');
    }
    $id = intval($id);                   // cast to integer
    return $id;
}

// Character (string) filter
function str_check($str) {
    if (inject_check($str)) {            // injection keyword check
        die('Invalid parameter');
    }
    $str = htmlspecialchars($str);       // convert HTML special characters
    return $str;
}

// Search keyword filter: escape the LIKE wildcards "_" and "%" so they match literally
function search_check($str) {
    $str = str_replace('_', '\_', $str);
    $str = str_replace('%', '\%', $str);
    $str = htmlspecialchars($str);       // convert HTML special characters
    return $str;
}

// Form field filter: enforce length bounds, then strip the slashes added on input
function post_check($str, $min = null, $max = null) {
    if (isset($min) && strlen($str) < $min) {
        die("Minimum $min bytes");
    } else if (isset($max) && strlen($str) > $max) {
        die("Maximum $max bytes");
    }
    return stripslashes_array($str);
}
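The escaping done by search_check() only helps if the escaped string reaches the database as a bound parameter of a LIKE clause that names the same escape character. The following is an added example, not code from the original program: it escapes the wildcards and runs the search through PDO with an ESCAPE clause, so a "%" or "_" typed by the user matches literally. It assumes the pdo_sqlite extension and uses an in-memory database with constructed sample rows; the table and column names are illustrative.

```php
<?php
// Added example (not the original program's code): LIKE-wildcard escaping plus a bound
// parameter. Binding alone does not stop "%" and "_" from acting as wildcards inside LIKE.

function escape_like(string $term, string $esc = '\\'): string
{
    // Escape the escape character first, then the two LIKE wildcards.
    return str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $term);
}

function search_titles(PDO $db, string $term): array
{
    // User-typed wildcards are now literal; the surrounding % are ours.
    $stmt = $db->prepare("SELECT title FROM posts WHERE title LIKE ? ESCAPE '\\' ORDER BY id");
    $stmt->execute(['%' . escape_like($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');                     // assumption: pdo_sqlite is available
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
$ins = $db->prepare('INSERT INTO posts (title) VALUES (?)');
foreach (['100% cotton', 'user_name field', 'username field', 'plain title'] as $t) {
    $ins->execute([$t]);                              // constructed sample data
}

// A bare "%" should match only the row that literally contains a percent sign
print_r(search_titles($db, '%'));
// "_" must not act as a single-character wildcard: "user_name" must not match "username"
print_r(search_titles($db, 'user_name'));
```

The first search returns only "100% cotton" and the second only "user_name field"; without escape_like() and the ESCAPE clause the first would return every row and the second would also return "username field". Note that htmlspecialchars(), which search_check() also applies, is output encoding for HTML and does nothing for SQL; apply it when rendering, not before querying.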
2. String parameter check
When the input parameter YY is a string, the SQL statement in abc.asp is generally of the form
SELECT * FROM tablename WHERE field = 'YY', so the following three requests test whether SQL injection exists:
① http://xxx.xxx.xxx/abc.asp?p=YY' (a single quotation mark appended): the SQL statement in abc.asp becomes
SELECT * FROM tablename WHERE field = 'YY'' and abc.asp reports an error;
② http://xxx.xxx.xxx/abc.asp?p=YY' and '1'='1: abc.asp runs normally and returns the same result as http://xxx.xxx.xxx/abc.asp?p=YY;
③ http://xxx.xxx.xxx/abc.asp?p=YY' and '1'='2: abc.asp behaves abnormally (an error, or an empty or different result).
If all three conditions hold, abc.asp has an SQL injection vulnerability.
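The two three-step tests above (integer and string parameter) can be automated and, just as usefully, run against the fixed code to confirm the fix. The block below is an added example, not code from the original page: it implements the probe sequence against a handler that splices the parameter into the SQL text, as abc.asp does, and against one that binds it as a parameter. The "abnormal" outcome of step ③ is taken to be any result that differs from the baseline. It assumes PHP 7.4 or later with the pdo_sqlite extension; the users table, its rows and the column names are constructed for the example.

```php
<?php
// Added example (not the page's code): the ①②③ probe sequence from both sections, run
// against concatenated SQL and against a bound parameter, on an in-memory SQLite database.

function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');                 // assumption: pdo_sqlite is available
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
    $db->exec("INSERT INTO users (id, name) VALUES (7, 'alice'), (8, 'bob')");  // constructed rows
    return $db;
}

// Vulnerable: the raw parameter is spliced into the statement (the column name is a code constant).
function lookup_concat(PDO $db, string $column, string $p, bool $quoted): array
{
    $sql = "SELECT name FROM users WHERE $column = " . ($quoted ? "'$p'" : $p);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the parameter is bound, so whatever it contains is compared as a value.
function lookup_bound(PDO $db, string $column, string $p): array
{
    $stmt = $db->prepare("SELECT name FROM users WHERE $column = ?");
    $stmt->execute([$p]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Runs baseline + the three probes; 'error' records a statement the database rejected.
function probe(callable $lookup, string $base, array $suffixes): array
{
    $out = [];
    foreach (['' => 'baseline'] + $suffixes as $suffix => $label) {
        try {
            $out[$label] = $lookup($base . $suffix);
        } catch (PDOException $e) {
            $out[$label] = 'error';
        }
    }
    return $out;
}

function is_injectable(array $r): bool
{
    // ① the quote breaks the query, ② "and 1=1" leaves the result unchanged, ③ "and 1=2" changes it
    return $r['quote'] === 'error' && $r['true'] === $r['baseline'] && $r['false'] !== $r['baseline'];
}

$db = make_db();
$intProbes = ["'" => 'quote', ' and 1=1' => 'true', ' and 1=2' => 'false'];
$strProbes = ["'" => 'quote', "' and '1'='1" => 'true', "' and '1'='2" => 'false'];

$runs = [
    'concat/int' => probe(fn($p) => lookup_concat($db, 'id', $p, false), '7', $intProbes),
    'concat/str' => probe(fn($p) => lookup_concat($db, 'name', $p, true), 'alice', $strProbes),
    'bound/int'  => probe(fn($p) => lookup_bound($db, 'id', $p), '7', $intProbes),
    'bound/str'  => probe(fn($p) => lookup_bound($db, 'name', $p), 'alice', $strProbes),
];
foreach ($runs as $case => $r) {
    echo $case, ': ', is_injectable($r) ? 'INJECTABLE' : 'not injectable', "\n";
}
```

Both concatenating handlers satisfy the pattern: the appended quote produces a syntax error, "and 1=1" returns the baseline row, "and 1=2" returns nothing. With the bound parameter none of the probes produces an error or a different row set; the database compares the whole string "7 and 1=1" as a value and simply finds no match. That is the behaviour the filters in this article try to approximate by rejecting inputs, and the reason parameter binding is the primary control.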
The code is as follows:

<?php
// Anti-injection check: returns true when the parameter contains an SQL keyword, a quote,
// a comment opener or a path-traversal sequence.
// eregi() was removed in PHP 7, so the same case-insensitive pattern runs through preg_match().
function inject_check($sql_str) {
    // www.hzhuti.com: keyword filtering for anti-injection
    return preg_match('~select|insert|update|delete|\'|/\*|\*|\.\./|\./|union|into|load_file|outfile~i', $sql_str) === 1;
}

// Recursively remove the slashes added on input before a value is displayed or stored elsewhere
function stripslashes_array($array) {
    if (is_array($array)) {
        foreach ($array as $k => $v) {
            $array[$k] = stripslashes_array($v);
        }
    } else if (is_string($array)) {
        $array = stripslashes($array);
    }
    return $array;
}
?>
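inject_check() is a blacklist: it decides by what a value must not contain. The complementary approach is an allow-list that decides by the shape a field must have. The following added example, not part of the original program, runs both over a handful of constructed inputs so the difference is visible; the field names and the allow-list rules (a positive integer id, a name made of letters, spaces, hyphens and apostrophes) are illustrative choices for the example.

```php
<?php
// Added example (not the page's code): the page's keyword blacklist beside allow-list
// validation of the same constructed inputs.

function inject_check(string $s): bool
{
    // Same token list as the page's inject_check(), as a PCRE pattern
    return preg_match('~select|insert|update|delete|\'|/\*|\*|\.\./|\./|union|into|load_file|outfile~i', $s) === 1;
}

// Allow-list rules: each field accepts exactly the shape it needs and nothing else.
function valid_id(string $s): bool
{
    // decimal integer >= 1; rejects "7 and 1=1", hex, floats and empty strings
    return filter_var($s, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) !== false;
}

function valid_name(string $s): bool
{
    // letters (any script), spaces, hyphens, apostrophes; 1..64 characters (illustrative rule)
    return preg_match('~^[\p{L}][\p{L}\' -]{0,63}$~u', $s) === 1;
}

// Constructed inputs: [field, value, what a reviewer would expect]
$samples = [
    ['id',   '7',                           'legitimate id'],
    ['id',   '7 and 1=1',                   'probe from step ②'],
    ['id',   '0x41',                        'hex, not a decimal id'],
    ['name', "O'Brien",                     'legitimate name'],
    ['name', 'We will update the schedule', 'legitimate text containing a keyword'],
];

foreach ($samples as [$field, $value, $note]) {
    $blacklist = inject_check($value) ? 'reject' : 'pass';
    $allow = ($field === 'id' ? valid_id($value) : valid_name($value)) ? 'pass' : 'reject';
    printf("%-5s %-28s blacklist=%-6s allowlist=%-6s (%s)\n", $field, $value, $blacklist, $allow, $note);
}
```

The blacklist rejects the two legitimate name values (one for the apostrophe, one for the word "update") and passes both id values that an integer field should never accept, because neither contains a listed token; the allow-list gives the opposite verdict in every one of those cases. Validation decides whether a value has the right shape; keeping it out of the SQL grammar is the job of a bound parameter, not of a filter.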
The solution introduced in this article combines a keyword blacklist (inject_check) with addslashes() escaping and a numeric check. It raises the bar, but it is not a complete defence: the blacklist rejects legitimate text that merely contains a word such as "update", it does not catch unquoted numeric payloads that contain none of the listed tokens, and addslashes() is not safe for every connection character set (GBK is the classic case). Test it against your own application, and prefer prepared statements with bound parameters (PDO or mysqli) for every query, keeping the filters above as input validation in front of them.
...