PHP code to prevent SQL injection: sample analysis and regular expressions for several common attacks

Source: Internet
Author: User
Tags: sql injection sample
This article presents PHP code for preventing SQL injection vulnerabilities, analyses how it works, and then provides regular expressions for several common attacks.

Injection Vulnerability code and analysis

The code is as follows:
<?php
function customError($errno, $errstr, $errfile, $errline)
{
    echo "Error number: [$errno], error on line $errline in $errfile<br />";
    die();
}
set_error_handler("customError", E_ERROR);

// Patterns are single-quoted so every backslash reaches PCRE unchanged.
$getfilter = '\'|(and|or)\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)';
$postfilter = '\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)';
$cookiefilter = $postfilter;   // the cookie pattern is identical to the POST pattern

function StopAttack($StrFiltKey, $StrFiltValue, $ArrFiltReq)
{
    if (is_array($StrFiltValue)) {
        $StrFiltValue = implode($StrFiltValue);
    }
    // Block the request when the pattern matches and no security token was supplied.
    if (preg_match("/" . $ArrFiltReq . "/is", $StrFiltValue) == 1 && !isset($_REQUEST['securitytoken'])) {
        // date() replaces strftime(), which is deprecated since PHP 8.1.
        slog("<br><br>Operation IP address: " . $_SERVER["REMOTE_ADDR"]
            . "<br>Operation time: " . date("Y-m-d H:i:s")
            . "<br>Operation page: " . $_SERVER["PHP_SELF"]
            . "<br>Submission method: " . $_SERVER["REQUEST_METHOD"]
            . "<br>Parameter submitted: " . $StrFiltKey
            . "<br>Submitted data: " . $StrFiltValue);
        print "result notice: Illegal operation!";
        exit();
    }
}

foreach ($_GET as $key => $value) {
    StopAttack($key, $value, $getfilter);
}
foreach ($_POST as $key => $value) {
    StopAttack($key, $value, $postfilter);
}
foreach ($_COOKIE as $key => $value) {
    StopAttack($key, $value, $cookiefilter);
}

// Append one log record to log.htm.
function slog($logs)
{
    $toppath = "log.htm";
    $Ts = fopen($toppath, "a+");
    fputs($Ts, $logs . "\r\n");
    fclose($Ts);
}
?>
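To see what the blacklist in StopAttack() actually decides, here is an added example (not part of the original article) that runs the GET pattern over constructed inputs and then stores the same inputs through a PDO prepared statement; it assumes the pdo_sqlite extension is loaded and uses an in-memory SQLite database so that no server is needed.

```php
<?php
// Added example, not from the original article: run the article's GET
// pattern over constructed inputs, then handle the same inputs with a
// prepared statement. Assumes the pdo_sqlite extension is loaded.

$getfilter = '\'|(and|or)\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b'
    . '|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES'
    . '|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)';

// Same test StopAttack() performs, without the exit() so every verdict is visible.
function isFlagged(string $value, string $pattern): bool
{
    return preg_match('/' . $pattern . '/is', $value) === 1;
}

// Constructed inputs: two ordinary values and one textbook injection string.
$samples = [
    "O'Brien",                           // surname containing an apostrophe
    "Tom and Jerry like cheese",         // plain sentence with "and ... like"
    "1 UNION SELECT password FROM users",
];
foreach ($samples as $s) {
    printf("%-38s %s\n", $s, isFlagged($s, $getfilter) ? 'BLOCKED' : 'allowed');
}
// All three are BLOCKED: the pattern cannot tell data from SQL, so it rejects
// legitimate input and still has to anticipate every syntax an attacker may use.

// Parameterised queries separate code from data structurally instead.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

$insert = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
foreach ($samples as $s) {
    $insert->execute([':name' => $s]);   // stored verbatim, never parsed as SQL
}

$select = $pdo->prepare('SELECT COUNT(*) FROM users WHERE name = :name');
$select->execute([':name' => "O'Brien"]);
printf("rows matching O'Brien: %d\n", $select->fetchColumn());
```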


Analysis

Once this function is registered, PHP's standard error handling is bypassed, so the custom handler must itself decide how to terminate the script (the die() call).

Second, if an error occurs before the handler has been registered, the user-defined handler is not yet in place, so it will not be used for that error.

In PHP, set_error_handler() is used to handle PHP errors, and trigger_error() can be used to raise an error.

The set_error_handler() function installs a custom error handling function, which lets you define your own way of handling errors at run time. You first create the error handling function, then register it together with the error level it should receive.

Usage:

The code is as follows:
function customError($errno, $errstr, $errfile, $errline)
{
    echo "Error code: [{$errno}] {$errstr}\r\n";
    echo "Error line: {$errline}, file {$errfile}\r\n";
    echo "PHP version ", PHP_VERSION, " (", PHP_OS, ")\r\n";
    // die();
}
set_error_handler("customError", E_ALL | E_STRICT);

Inside this function you can do whatever you need, including formatting the error details and writing them to a log file.

The code is as follows:
function slog($logs)
{
    $toppath = "log.htm";
    $Ts = fopen($toppath, "a+");
    fputs($Ts, $logs . "\r\n");
    fclose($Ts);
}

A custom error handling function must accept these four parameters: $errno, $errstr, $errfile and $errline.

$errno is one of a set of constants indicating the error level. Each constant has a corresponding integer value, but the constant name is normally used because it reads more clearly. For example, the binary mask of E_WARNING is 4, indicating a warning.

Next, pass this function as the callback parameter to set_error_handler(). In this way you take over PHP's native error handling. Note that this takeover cannot cover all error types: E_ERROR, E_PARSE, E_CORE_ERROR, E_CORE_WARNING, E_COMPILE_ERROR, E_COMPILE_WARNING and E_STRICT are either displayed in their original format or not displayed at all.

The StopAttack() function matches each GET, POST and COOKIE value against the corresponding regular expression and, on a match, calls slog() to write the request details to the log file.

The code is as follows:
// Single-quoted so the backslashes reach PCRE unchanged. Several patterns
// contain "/", so match them with another delimiter, e.g. '#' . $pattern . '#i'.
$Exec_Commond = '(\s|\S)*(exec(\s|\+)+(s|x)p\w+)(\s|\S)*';
$Simple_XSS = '(\s|\S)*((%3C)|<)((%2F)|/)*[a-z0-9%]+((%3E)|>)(\s|\S)*';
$Eval_XSS = '(\s|\S)*((%65)|e)(\s)*((%76)|v)(\s)*((%61)|a)(\s)*((%6C)|l)(\s|\S)*';
$Image_XSS = '(\s|\S)*((%3C)|<)((%69)|i|I|(%49))((%6D)|m|M|(%4D))((%67)|g|G|(%47))[^\n]+((%3E)|>)(\s|\S)*';
$Script_XSS = '(\s|\S)*((%73)|s)(\s)*((%63)|c)(\s)*((%72)|r)(\s)*((%69)|i)(\s)*((%70)|p)(\s)*((%74)|t)(\s|\S)*';
$SQL_Injection = '(\s|\S)*((%27)|(\')|(%3D)|(=)|(/)|(%2F)|(")|(%22)|((-|%2D){2})|(%23)|(%3B)|(;))+(\s|\S)*';

When PHP encounters an error, it reports the location, line number and cause of the error in the script. Many people say this is no big deal, but the consequences of leaking the real path can be serious: for an intruder this information is very valuable, and in fact many servers have this problem. Some administrators simply set display_errors to Off in the PHP configuration file, but I think this approach is too passive. Sometimes we do need PHP to return an error message for debugging, and when an error occurs we may need to give the user an explanation or even redirect to another page. With set_error_handler(), these conflicting needs can be reconciled.
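As an added example of the compromise just described (not code from the original article), the handler below keeps the script path and line number out of the HTTP response while still recording them in the server log; the handler name and the reference id scheme are this example's own choices.

```php
<?php
// Added example, not from the original article: an error handler that keeps
// the script path and line number out of the HTTP response while still
// recording them for debugging.

function safeErrorHandler(int $errno, string $errstr, string $errfile, int $errline): bool
{
    // A short reference id ties the user-visible message to the log entry.
    $ref = bin2hex(random_bytes(4));

    // Full detail goes only to the server-side log (the error_log target
    // configured in php.ini or by the SAPI), never to the client.
    error_log(sprintf('[%s] errno=%d %s in %s on line %d',
        $ref, $errno, $errstr, $errfile, $errline));

    // The client gets a generic notice with no path, line or PHP version.
    echo "An internal error occurred (reference $ref).\n";

    // Returning true suppresses PHP's built-in handler, so the raw message is
    // not printed even on servers where display_errors is left On.
    return true;
}

set_error_handler('safeErrorHandler', E_ALL);

// Constructed trigger: without the handler this would print the full path.
trigger_error('demonstration warning', E_USER_WARNING);
```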
