Determine xp_cmdshell performance
Discovery Web Virtual Directory
Upload asp,php,jsp Trojan;
Get administrator privileges;
PHP site-wide anti-injection script; require_once this file from the common include file.
Check the state of magic_quotes_gpc
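// Escape the request superglobals once, at include time, so every script
// that require_once()s this file sees the same escaped values.
//
// Why the condition is negated relative to the listing: when magic_quotes_gpc
// is ON, PHP has already backslash-escaped GET/POST/COOKIE data, so running
// addslashes() again double-escapes it ("it\'s" -> "it\\\'s"); when it is
// OFF the data is raw and escaping is the whole point of this file.
// get_magic_quotes_gpc() was deprecated in 7.4 and removed in 8.0 (magic
// quotes themselves went away in 5.4), so the call is guarded; on those
// versions the feature is always off and the escaping branch runs.
//
// The listing wrote the superglobals as $_get, $_post, ...; PHP variable
// names are case-sensitive, so those lines touched undefined variables and
// escaped nothing.
//
// addslashes() is a transport-level escape for values concatenated into SQL
// strings; prepared statements with bound parameters make this step
// unnecessary and are the reliable fix.
$magic_quotes_on = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
if (!$magic_quotes_on) {
    $_GET    = sec($_GET);
    $_POST   = sec($_POST);
    $_COOKIE = sec($_COOKIE);
    $_FILES  = sec($_FILES);
}
// $_SERVER is never covered by magic quotes, so it is escaped unconditionally.
$_SERVER = sec($_SERVER);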
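/**
 * Recursively escape a request value for use inside a quoted SQL string.
 *
 * Arrays are walked element by element; strings go through addslashes();
 * every other scalar (int, float, bool, null) is returned unchanged.
 *
 * @param mixed $array  Value to escape. Taken by reference to keep the
 *                      original signature; the escaped value is also
 *                      returned and callers use the return value.
 * @return mixed        Escaped copy of $array.
 *
 * Why the numeric branch changed: the listing ran intval() on anything
 * is_numeric() accepted. Because the is_string() branch is tested first,
 * only genuine ints/floats reached it, and intval(3.7) silently truncated
 * to 3. Numeric values contain nothing addslashes() would touch, so they
 * are passed through as-is.
 *
 * Assumes the escaped values are later concatenated into SQL text — TODO
 * confirm; with bound parameters this escaping is not needed.
 */
function sec(&$array)
{
    if (is_array($array)) {
        foreach ($array as $k => $v) {
            $array[$k] = sec($v);
        }
    } elseif (is_string($array)) {
        $array = addslashes($array);
    }
    // ints, floats, bools and null fall through unchanged
    return $array;
}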
1. Checking integer-type parameters
When the input argument yy is an integral type, the SQL statement typically looks like this in abc.asp:
SELECT * from table name where field =yy, so you can test the existence of SQL injection with the following steps.
①http://xxx.xxx.xxx/abc.asp?p=yy ' (append a single quote), at this time ABC. The SQL statement in ASP becomes a
SELECT * from table name where Field =yy ', abc.asp run exception;
②http://xxx.xxx.xxx/abc.asp?p=yy and 1=1, the abc.asp runs normally, and is the same as the HTTP://xxx.xxx.xxx/abc.asp?p=YY operation result;
③http://xxx.xxx.xxx/abc.asp?p=yy and 1=2, abc.asp run abnormally;
If the above three steps are fully met, there must be a SQL injection vulnerability in abc.asp.
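/**
 * Validate an integer request parameter and return it as an int.
 *
 * Keeps the original contract of calling die() on bad input: when the
 * parameter is missing, when Inject_check() flags it, or when it is not
 * numeric.
 *
 * @param mixed $id  Raw parameter value (typically a string from $_GET).
 * @return int       The value cast with intval().
 *
 * Bugs fixed: the listing called is_numetic(), an undefined function, so
 * every non-empty id ended in a fatal error; and the emptiness test was
 * !$id, which also rejected the legitimate value "0".
 */
function Num_check($id)
{
    // Only null and the empty string count as "missing".
    if ($id === null || $id === '') {
        die('parameter cannot be empty!');
    }
    // Keyword blocklist check (same order as the original).
    if (Inject_check($id)) {
        die('illegal parameters');
    }
    if (!is_numeric($id)) {
        die('illegal parameters');
    }
    // intval() also normalises numeric strings such as "007".
    return intval($id);
}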
// Character filter function
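/**
 * Validate a free-text request parameter and return it HTML-escaped.
 *
 * Calls die() (original contract) when Inject_check() flags the value.
 *
 * @param string $STR  Raw parameter value.
 * @return string      htmlspecialchars() of $STR.
 *
 * Why the flags were added: before PHP 8.1 the default flags (ENT_COMPAT)
 * leave the single quote untouched, so a value echoed inside a
 * single-quoted HTML attribute could still close it; ENT_QUOTES escapes
 * both quote characters. The charset is stated because the default changed
 * from ISO-8859-1 to UTF-8 in PHP 5.4. Note this is HTML-output escaping,
 * not SQL escaping.
 */
function Str_check($STR)
{
    if (Inject_check($STR)) {
        die('illegal parameters');
    }
    return htmlspecialchars($STR, ENT_QUOTES, 'UTF-8');
}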
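/**
 * Prepare a search term for a SQL LIKE clause and for HTML output.
 *
 * Escapes the LIKE wildcards "_" and "%" with a backslash, then
 * HTML-escapes the result.
 *
 * @param string $STR  Raw search term.
 * @return string
 *
 * Bug fixed: the listing wrote the escaped value to $str while the
 * parameter is $STR, and the final htmlspecialchars($STR) started over
 * from the raw parameter, so the wildcard escaping was thrown away.
 *
 * Backslash is the default LIKE escape character in MySQL; other databases
 * need an explicit ESCAPE clause. Escaping wildcards is not SQL escaping —
 * the value must still be passed as a bound parameter.
 */
function Search_check($STR)
{
    $term = str_replace('_', '\\_', $STR);
    $term = str_replace('%', '\\%', $term);
    return htmlspecialchars($term, ENT_QUOTES, 'UTF-8');
}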
// Form filter function
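/**
 * Length-check a form field and return it with slashes stripped.
 *
 * Calls die() (original contract) when the field is shorter than $min or
 * longer than $max bytes.
 *
 * @param mixed    $str  Field value; handed to Stripslashes_array().
 * @param int|null $min  Minimum byte length, or null to skip the check.
 * @param int|null $max  Maximum byte length, or null to skip the check.
 * @return mixed         Result of Stripslashes_array($str).
 *
 * Bug fixed: the messages were single-quoted, so "$min"/"$max" were
 * printed literally instead of the limit. strlen() is kept on purpose —
 * the limits are bytes, as the messages say, not characters.
 */
function Post_check($str, $min, $max)
{
    $len = strlen($str);
    if (isset($min) && $len < $min) {
        die("at least $min bytes");
    }
    if (isset($max) && $len > $max) {
        die("Maximum $max bytes");
    }
    return Stripslashes_array($str);
}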
When you enter a parameter yy as a string, the SQL statement usually looks like this in abc.php:
SELECT * from table name where field = ' YY ', you can use the following procedure to test whether the SQL injection exists.
①http://xxx.xxx.xxx/abc.php?p=yy ' (append a single quote), at this time ABC. The SQL statement in ASP becomes a
SELECT * from table name where Field =yy ', abc.asp run exception;
②http://xxx.xxx.xxx/abc.php?p=yy&;nb ... 39;1 ' = ' 1 ', the abc.php runs normally, and the result is the same as HTTP://xxx.xxx.xxx/abc.asp?p=YY;
③http://xxx.xxx.xxx/abc.php?p=yy&;nb ... 39;1 ' = ' 2 ', abc.php run abnormally;
If the above three steps are fully met, there must be a SQL injection vulnerability in abc.asp.
//anti-injection function
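/**
 * Report whether $sql_str contains a blocklisted SQL keyword or path
 * fragment. Case-insensitive.
 *
 * @param string $sql_str  Raw request value.
 * @return bool            true when a blocklisted token is present.
 *
 * eregi() was deprecated in PHP 5.3 and removed in 7.0, so the check is
 * now a PCRE with the /i flag. The listing's pattern was extraction-
 * garbled ("SE Lect", "inert"); the tokens below are its readable intent:
 * select, insert, update, delete, a single quote, the comment opener and
 * "*", "../" and "./", union, into, load_file, outfile.
 *
 * This is a substring blocklist: it rejects harmless values that contain
 * these tokens ("selected", "updated") and it is not a substitute for
 * prepared statements. Treat it as a coarse sanity check only.
 */
function Inject_check($sql_str)
{
    $pattern = '/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile/i';
    return (bool) preg_match($pattern, (string) $sql_str);
}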
/**
 * Recursively remove backslash escapes from a value.
 *
 * Strings go through stripslashes(); arrays are walked element by element;
 * anything else is returned untouched.
 *
 * @param mixed $array  Value to unescape (by reference; also returned).
 * @return mixed
 *
 * NOTE(review): a second Stripslashes_array() with different skip rules
 * appears later in this listing; PHP does not allow two functions with the
 * same name in one file, so only one of them can be kept.
 */
function Stripslashes_array(&$array)
{
    if (is_string($array)) {
        $array = stripslashes($array);
        return $array;
    }
    if (!is_array($array)) {
        return $array;
    }
    foreach (array_keys($array) as $key) {
        $element = $array[$key];
        $array[$key] = Stripslashes_array($element);
    }
    return $array;
}
// PHP: bulk filter of POST/GET sensitive data
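// Undo magic_quotes_gpc escaping on request data so the rest of the code
// works with raw values and escapes once, at the SQL boundary.
//
// get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in 8.0, and
// magic quotes themselves were removed in 5.4; the call is guarded so the
// file still loads on those versions, where there is nothing to strip.
// The listing wrote the superglobals as $_get/$_post; PHP variable names
// are case-sensitive, so those lines operated on undefined variables.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $_GET  = Stripslashes_array($_GET);
    $_POST = Stripslashes_array($_POST);
}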
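/**
 * Strip magic-quotes backslashes from a request array in place.
 *
 * Keys "argc" and "argv" are skipped, as is any key that is entirely upper
 * case and not numeric (the original rule — it looks intended to leave
 * $_SERVER-style keys such as HTTP_HOST alone; TODO confirm). String values
 * go through stripslashes(); nested arrays are processed recursively;
 * other values are left as they are.
 *
 * @param array $array  Array to process (by reference; also returned).
 * @return array        The same array, unescaped. A non-array is returned
 *                      unchanged.
 *
 * Bugs fixed: each() was deprecated in PHP 7.2 and removed in 8.0, so the
 * while/list/each loop is a fatal error there; it is replaced by foreach
 * over a snapshot of the keys, which is safe while assigning into $array.
 * The argc/argv test used loose ==, and on PHP < 8 the integer key 0
 * compares equal to any non-numeric string, so element 0 was silently
 * skipped; strict comparison removes that.
 */
function Stripslashes_array(&$array)
{
    if (!is_array($array)) {
        return $array;
    }
    foreach (array_keys($array) as $key) {
        if ($key === 'argc' || $key === 'argv') {
            continue;
        }
        // Skip ALL-CAPS keys unless they are numeric.
        if (strtoupper($key) == $key && '' . intval($key) != "$key") {
            continue;
        }
        $var = $array[$key];
        if (is_string($var)) {
            $array[$key] = stripslashes($var);
        } elseif (is_array($var)) {
            $array[$key] = Stripslashes_array($var);
        }
    }
    return $array;
}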
// Filter
// NOTE(review): this function is extraction-garbled and will not parse as
// shown. The replacement targets were almost certainly HTML entities that the
// page rendered back into plain characters (so "&" -> "&" now reads as a
// no-op), several chr() calls have lost their argument, and the keyword
// lines replace a word with itself. Do not copy it as-is.
//
// What the surviving text does show: empty input returns null; the value is
// trimmed; "&", ">", "<", some control characters and the quote characters
// are rewritten; one line turns a control character into "<br/>"; and a run
// of SQL keywords is rewritten. Many lines read the raw parameter $STR
// instead of the running $str, so everything done before that point is
// discarded there (e.g. the trim result is dropped on the very next line).
// Rewriting keywords is not a defence against SQL injection; htmlspecialchars()
// covers the encoding part and bound parameters cover the SQL part.
function HTMLEncode ($STR) {
if (empty ($STR)) return;
// $str is read here before it has been assigned (the parameter is $STR).
if ($str = = "") return $str;
$str =trim ($STR);
// Reads $STR again: the trim above is discarded.
$str =str_replace ("&", "&", $STR);
$str =str_replace (">", ">", $str);
$str =str_replace ("<", "<", $str);
// chr() arguments lost in extraction; presumably whitespace/control chars.
$str =str_replace (CHR), "", $str);
$str =str_replace (Chr (9), "", $str);
$str =str_replace (Chr (9), "", $str);
$str =str_replace (CHR), "&", $STR);
$str =str_replace (CHR), "'", $str);
$str =str_replace (CHR), "<br/>", $str);
$str =str_replace ("'", "" ", $str);
// Keyword rewriting; the replacement text is garbled (reads as identity).
$str =str_replace ("Select", "select", $str);
$str =str_replace ("script", "script", $STR);
$str =str_replace ("script", "script", $STR);
$str =str_replace ("Join", "join", $STR);
$str =str_replace ("union", "union", $STR);
$str =str_replace ("where", "where", $str);
$str =str_replace ("Insert", "Insert", $STR);
$str =str_replace ("delete", "delete", $str);
$str =str_replace ("Update", "Update", $STR);
$str =str_replace ("like", "like", $STR);
$str =str_replace ("Drop", "drop", $str);
$str =str_replace ("Create", "create", $STR);
$str =str_replace ("Modify", "Modify", $str);
$str =str_replace ("rename", "Rename", $str);
// Assigns $STR, not $str: this result is lost on the next line.
$STR =str_replace ("Alter", "Alter", $STR);
$str =str_replace ("Cast", "CAS", $str);
return $str;
}
// Decoding
// NOTE(review): intended as the inverse of HTMLEncode(), and garbled in the
// same way — the entity strings that were to be decoded have been rendered
// back to plain characters, chr() arguments are missing, and the keyword
// lines read as identity replacements. It does not parse as shown; do not
// copy it as-is. As with HTMLEncode(), most lines read the raw parameter
// $STR rather than the running $str, so only the last replacement that
// reads $STR plus whatever follows it actually survives.
function HtmlDecode ($STR) {
if (empty ($STR)) return;
// $str is read before assignment (the parameter is $STR).
if ($str = = "") return $str;
$str =str_replace ("Select", "select", $str);
$str =str_replace ("Join", "join", $STR);
$str =str_replace ("union", "union", $STR);
$str =str_replace ("where", "where", $str);
$str =str_replace ("Insert", "Insert", $STR);
$str =str_replace ("delete", "delete", $str);
$str =str_replace ("Update", "Update", $STR);
$str =str_replace ("like", "like", $STR);
$str =str_replace ("Drop", "drop", $str);
$str =str_replace ("Create", "create", $STR);
$str =str_replace ("Modify", "Modify", $str);
$str =str_replace ("rename", "Rename", $str);
$STR =str_replace ("Alter", "Alter", $STR);
$str =str_replace ("cas", "cast", $STR);
// Entity decoding; search strings garbled, chr() arguments lost.
$str =str_replace ("&", "&", $STR);
$str =str_replace (">", ">", $str);
$str =str_replace ("<", "<", $str);
$str =str_replace ("", Chr (), $STR);
$str =str_replace ("" ", Chr (9), $STR);
$str =str_replace ("" ", Chr (9), $STR);
$str =str_replace ("&", Chr (), $STR);
$str =str_replace ("'", Chr (), $STR);
$str =str_replace ("<br/>", Chr (), $STR);
$str =str_replace ("" "," "", $str);
return $str;
}
//function: String_filter($string, $match_type = 1)
//purpose: filter illegal content
//parameters:
//  $string      the string to check
//  $match_type  match type: 1 = exact match, 2 = fuzzy match; the default is 1
//
//return: true if illegal content is found, false otherwise
//other: the illegal keyword lists are kept in txt files, split into a common
//       list and a serious list
//author: Heiyeluren
//time: 2006-1-18
//
//=====================================================================
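/**
 * Check $string against the keyword lists and report whether it contains
 * blocked content.
 *
 * @param string $string      Text to check.
 * @param int    $match_type  1 = exact match against the common list,
 *                            2 = fuzzy match against both lists. Default 1.
 * @return bool               true when a blocked keyword was found, false
 *                            otherwise — including when $string is empty
 *                            (empty() also treats "0" as empty), when either
 *                            list file is missing or unreadable, or when
 *                            $match_type is neither 1 nor 2 (the listing left
 *                            $is_lawless undefined in that case).
 *
 * The list files are opened by relative path, so the result depends on the
 * working directory of the calling script — TODO confirm, or anchor the
 * paths with __DIR__.
 */
function Lib_lawless_string_filter($string, $match_type = 1)
{
    $string = trim($string);
    if (empty($string)) {
        return false;
    }

    $common_file  = 'common_list.txt';  // general keyword list
    $signify_file = 'Signify_list.txt'; // serious keyword list
    if (!file_exists($common_file) || !file_exists($signify_file)) {
        return false;
    }
    // One keyword per line. Dropping newlines and blank lines here keeps an
    // empty line from ever becoming a keyword that matches everything.
    $common_list  = file($common_file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    $signify_list = file($signify_file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($common_list === false || $signify_list === false) {
        return false;
    }

    $is_lawless = false;
    if ($match_type == 1) {
        $is_lawless = Exact_match($string, $common_list);
    } elseif ($match_type == 2) {
        $is_lawless = Blur_match($string, $common_list, $signify_list);
    }
    // The matchers return an array of hits, or false when nothing matched.
    return is_array($is_lawless) && !empty($is_lawless);
}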
//---------------------
// Exact match, used by the filter
//---------------------
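/**
 * Exact (whole-string, case-insensitive) match of $string against the
 * common keyword list.
 *
 * @param string $string       Text to check; it is trimmed and passed
 *                             through Lib_replace_end_tag() first, so the
 *                             comparison is against that function's output.
 * @param array  $common_list  Keywords, one per element; each is trimmed.
 * @return array|false         Unique list of matching keywords, or false
 *                             when none matched.
 *
 * Security fix: the listing built the pattern "/^$string$/i" with the
 * untrusted string interpolated raw, so any regex metacharacter in the
 * input altered the pattern, and a malformed one made preg_match() return
 * false with a warning, i.e. "no match". An anchored, case-insensitive
 * literal comparison is exactly what that pattern expressed, so
 * strcasecmp() replaces it. Blank list entries are skipped instead of
 * being treated as keywords.
 */
function Exact_match($string, $common_list)
{
    $string = trim($string);
    $string = Lib_replace_end_tag($string);

    $blist = array();
    foreach ($common_list as $block) {
        $block = trim($block);
        if ($block === '') {
            continue; // blank line in the list file
        }
        if (strcasecmp($string, $block) === 0) {
            $blist[] = $block;
        }
    }
    if (!empty($blist)) {
        return array_unique($blist);
    }
    return false;
}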
//----------------------
// Fuzzy match, used by the filter
//----------------------
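/**
 * Fuzzy match of $string against both keyword lists: whole-string match
 * for the common list, substring match for the serious list. Both are
 * case-insensitive.
 *
 * @param string $string        Text to check; trimmed and passed through
 *                              Lib_replace_end_tag() before matching.
 * @param array  $common_list   Common keywords, one per element.
 * @param array  $signify_list  Serious keywords, one per element.
 * @return array|false          Unique list of matching keywords, or false.
 *
 * Security fix: the listing interpolated the untrusted string into
 * "/^$string$/i" and each serious-list entry into "/$block/i" without
 * escaping, so input metacharacters could rewrite the pattern and a
 * malformed pattern silently disabled matching. Both comparisons are now
 * literal (strcasecmp / stripos). This assumes the list entries are plain
 * keywords — the exact-match path already treats them that way; if any
 * entry relied on regex syntax it needs preg_match() with preg_quote()
 * instead — TODO confirm against the list files.
 *
 * The original pre-check comparing the raw string length with the keyword
 * length is dropped: a substring hit already implies the string is at
 * least as long as the keyword. Blank list entries are skipped; in the
 * original an empty serious-list line became the pattern "//", which
 * matches every string.
 */
function Blur_match($string, $common_list, $signify_list)
{
    $string = trim($string);
    $string = Lib_replace_end_tag($string);

    $blist = array();
    // Common list: whole-string match, as in Exact_match().
    foreach ($common_list as $block) {
        $block = trim($block);
        if ($block !== '' && strcasecmp($string, $block) === 0) {
            $blist[] = $block;
        }
    }
    // Serious list: keyword anywhere in the string.
    foreach ($signify_list as $block) {
        $block = trim($block);
        if ($block !== '' && stripos($string, $block) !== false) {
            $blist[] = $block;
        }
    }
    if (!empty($blist)) {
        return array_unique($blist);
    }
    return false;
}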
//--------------------------
// Replace HTML end tags, used by the filter
//--------------------------
// NOTE(review): the body below is extraction-garbled and does not parse as
// shown — the entity replacement targets have been rendered back to plain
// characters, several chr() calls have lost their argument, and the comment
// marker on the trailing "HTML tags ..." line is gone. What is still
// readable: empty input returns false; the string goes through
// htmlspecialchars(); "/", ">", "<" and <script> tags are removed; SQL
// keywords are then rewritten; and finally the entity/whitespace lines from
// HtmlDecode() are repeated. Several lines read the raw parameter $STR
// instead of the running $str, so the tag stripping above them is discarded
// at that point. Exact_match()/Blur_match() compare this function's *output*
// with the keyword lists, so any keyword this function rewrites may never
// match — TODO confirm that is intended.
function Lib_replace_end_tag ($STR)
{
if (empty ($STR)) return false;
$str = Htmlspecialchars ($STR);
$str = Str_replace ('/', "", $str);
// Empty search string: str_replace() does nothing here.
$str = Str_replace ("", "", $str);
$str = Str_replace (">", "", $str);
$str = Str_replace ("<", "", $str);
$str = Str_replace ("<SCRIPT>", "", $str);
$str = Str_replace ("</SCRIPT>", "", $str);
$str = Str_replace ("<script>", "", $str);
$str = Str_replace ("</script>", "", $str);
$str =str_replace ("Select", "select", $str);
// Reads $STR: everything above is discarded from here on.
$str =str_replace ("Join", "join", $STR);
$str =str_replace ("union", "union", $STR);
$str =str_replace ("where", "where", $str);
$str =str_replace ("Insert", "Insert", $STR);
$str =str_replace ("delete", "delete", $str);
$str =str_replace ("Update", "Update", $STR);
$str =str_replace ("like", "like", $STR);
$str =str_replace ("Drop", "drop", $str);
$str =str_replace ("Create", "create", $STR);
$str =str_replace ("Modify", "Modify", $str);
$str =str_replace ("rename", "Rename", $str);
$STR =str_replace ("Alter", "Alter", $STR);
$str =str_replace ("cas", "cast", $STR);
// Entity/whitespace lines, same garbling as in HtmlDecode().
$str =str_replace ("&", "&", $STR);
$str =str_replace (">", ">", $str);
$str =str_replace ("<", "<", $str);
$str =str_replace ("", Chr (), $STR);
$str =str_replace ("" ", Chr (9), $STR);
$str =str_replace ("" ", Chr (9), $STR);
$str =str_replace ("&", Chr (), $STR);
$str =str_replace ("'", Chr (), $STR);
$str =str_replace ("<br/>", Chr (), $STR);
$str =str_replace ("" "," "", $str);
$str =str_replace ("CSS", "'", $str);
$str =str_replace ("CSS", "'", $str);
return $str;
HTML tags, which can be used as an extension filter
/*
$tags = Array ("/html", "/head", "/body", "/div", "/span", "/doctype", "/title", "/link", "/meta", "/style", "P", "/h1,", "/h2," "/h3," "/h4," "/h5," "/h6", "/strong", "/em", "/abbr", "/acronym", "/address", "/bdo", "/blockquote", "/cite", "/q", "/code", "/ins", "/del", "/DFN", "/kbd", "/pre", "/samp", "/var", "/br", "a", "/img", "/area", "/map", "/object", " /param ","/ul ","/ol ","/li ","/dl ","/dt ","/dd ","/table ","/tr ","/td ","/th ","/tbody ","/thead ","/tfoot ","/col "," Colgroup ","/caption ","/form ","/input ","/textarea ","/select ","/option ","/optgroup ","/button ","/label "," FieldSet ","/legend ","/script ","/noscript ","/b "," I ","/tt ","/sub ","/sup ","/big ","/small ","/hr ");
*/
}
Call it directly at the use site, like this:
$xxx = htmlspecialchars ($_post[' xxx '));
Or
$xxx = htmlspecialchars ($_get[' xxx '));