- /**
- * Parameter filtering code
- * Edit bbs.it-home.org
- */
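// Escape request input exactly once.
//
// When magic_quotes_gpc is ON, PHP has already added slashes to
// GET/POST/COOKIE/FILES, so sec() must only run when it is OFF.  The
// original condition was inverted: it escaped a second time when magic
// quotes were on (double escaping, "\'" -> "\\\'") and not at all when they
// were off (no escaping).  get_magic_quotes_gpc() was removed in PHP 8.0,
// hence the function_exists() guard; on PHP 8 input is never pre-escaped
// and sec() is always applied.
//
// NOTE(review): addslashes()-style escaping is not a real SQL-injection
// defence (it is not charset-aware and does nothing for unquoted numeric
// contexts); queries should use prepared statements and treat this as legacy.
if (!(function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc())) {
    $_GET    = sec($_GET);
    $_POST   = sec($_POST);
    $_COOKIE = sec($_COOKIE);
    $_FILES  = sec($_FILES);
}
// $_SERVER is never touched by magic quotes, so it is escaped unconditionally
// as in the original (request headers such as User-Agent get slashed too).
$_SERVER = sec($_SERVER);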
/**
 * Recursively addslashes() every string inside $array (scalars allowed too).
 *
 * Strings get addslashes(); ints/floats are converted with intval() (floats
 * are truncated); anything else (bool, null) is returned untouched.  The
 * argument is taken by reference and rewritten in place, and the same value
 * is returned so callers can use either form.
 *
 * NOTE(review): addslashes() is not charset-aware and does not protect
 * unquoted numeric SQL contexts; prefer prepared statements.
 *
 * @param mixed $array value or (nested) array to escape; modified in place
 * @return mixed the escaped value
 */
function sec(&$array)
{
    if (is_array($array)) {
        foreach (array_keys($array) as $key) {
            $array[$key] = sec($array[$key]);
        }
        return $array;
    }
    if (is_string($array)) {
        $array = addslashes($array);
    } elseif (is_numeric($array)) {
        $array = intval($array);
    }
    return $array;
}
- ?>
1. Integer parameters. When the input parameter YY is an integer, the SQL statement in abc.asp is usually of the form `select * from <table> where <field> = YY`, so the following three requests test whether SQL injection exists: ① `http://xxx.xxx.xxx/abc.asp?p=YY'` (append a single quote): the statement becomes `select * from <table> where <field> = YY'` and abc.asp fails with an error; ② `http://xxx.xxx.xxx/abc.asp?p=YY and 1=1`: abc.asp runs normally and returns the same result as `http://xxx.xxx.xxx/abc.asp?p=YY`; ③ `http://xxx.xxx.xxx/abc.asp?p=YY and 1=2`: abc.asp fails or returns a different result. If all three conditions hold, abc.asp has a SQL injection vulnerability (this is a boolean-based test; when the application hides database errors, the result difference between ② and ③ is the signal to rely on). The code of an integer filter function follows; note that the real fix is to bind YY as an integer parameter rather than to filter it:
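/**
 * Validate an integer request parameter and return it as an int.
 *
 * Dies with the original messages on a blank or non-integer value.  Only a
 * plain decimal integer (optional sign, surrounding whitespace) is accepted;
 * the original used is_numeric(), which also admits "1.9", "1e3" and similar
 * forms that intval() then silently truncates or reinterprets.  Because an
 * accepted value consists only of digits, the keyword blacklist
 * (inject_check) can never match it, so that call is dropped.
 *
 * The original called Is_numetic() (typo for is_numeric()), which would have
 * been a fatal undefined-function error on every call that reached it.
 *
 * NOTE(review): `!$id` also rejects 0 / "0" as "blank", as the original did;
 * if 0 is a legitimate id, test for '' instead.  Values beyond PHP_INT_MAX
 * saturate in intval().
 *
 * @param mixed $id raw request parameter
 * @return int the validated integer
 */
function num_check($id)
{
    if (!$id) {
        die('parameter cannot be blank!');
    }
    if (!is_scalar($id) || !preg_match('/^\s*[+-]?\d+\s*\z/', (string) $id)) {
        die('invalid parameter');
    }
    return intval($id);
}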
// Character filtering function
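/**
 * Filter a string parameter for display.
 *
 * Dies with 'invalid parameter' when inject_check() flags the value, then
 * HTML-encodes it.  ENT_QUOTES is passed explicitly because the default
 * flags of htmlspecialchars() only encode double quotes before PHP 8.1,
 * leaving ' unencoded and single-quoted attribute contexts open to breakout.
 *
 * NOTE(review): htmlspecialchars() is output encoding, not SQL escaping;
 * storing the encoded form and relying on the keyword blacklist does not
 * make the value safe to concatenate into a query — bind it as a parameter.
 *
 * @param string $str raw request value
 * @return string HTML-encoded value
 */
function str_check($str)
{
    if (inject_check($str)) {
        die('invalid parameter');
    }
    return htmlspecialchars($str, ENT_QUOTES);
}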
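/**
 * Prepare a search term for use inside a SQL LIKE pattern and HTML output.
 *
 * The original str_replace() calls replaced "_" with "_" and "%" with "%"
 * (the escaping backslash was lost), so LIKE wildcards were never escaped
 * and a "%" search matched every row.  addcslashes() escapes "%", "_" and
 * the backslash itself (so an input backslash cannot cancel the escape)
 * with a backslash, MySQL's default LIKE escape character; adjust if the
 * query uses a different ESCAPE clause.  The result is then HTML-encoded
 * with ENT_QUOTES so single quotes are encoded on every PHP version.
 *
 * NOTE(review): this only neutralises wildcards; the value must still be
 * bound as a query parameter — wildcard escaping is not SQL-string escaping.
 *
 * @param string $str raw search term
 * @return string wildcard-escaped, HTML-encoded term
 */
function search_check($str)
{
    $str = addcslashes($str, '%_\\');
    return htmlspecialchars($str, ENT_QUOTES);
}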
- // Form filter function
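/**
 * Length-check a submitted form value and strip magic-quote slashes from it.
 *
 * $min / $max are optional byte limits (strlen() counts bytes, not
 * characters); pass null to skip either bound.  Dies with the limit in the
 * message when a bound is violated.  Fixes from the original: `&` (bitwise)
 * became `&&`, and the messages were single-quoted so "$min"/"$max" were
 * printed literally instead of the number.
 *
 * NOTE(review): stripslashes_array() undoes the escaping applied by sec();
 * the returned value is raw user input and must be bound as a parameter or
 * encoded before use.  strlen() on a non-string argument is not supported
 * here; this helper expects a string.
 *
 * @param string   $str form value
 * @param int|null $min minimum length in bytes, or null for no minimum
 * @param int|null $max maximum length in bytes, or null for no maximum
 * @return mixed value with slashes stripped (see stripslashes_array())
 */
function post_check($str, $min = null, $max = null)
{
    $len = strlen($str);
    if ($min !== null && $len < $min) {
        die("minimum $min Byte");
    }
    if ($max !== null && $len > $max) {
        die("maximum $max Byte");
    }
    return stripslashes_array($str);
}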
- ?>
When the input parameter YY is a string, the SQL statement in abc.asp is usually of the form `select * from <table> where <field> = 'YY'`, so the following requests test whether SQL injection exists: ① `http://xxx.xxx.xxx/abc.asp?p=YY'` (append a single quote): the statement becomes `select * from <table> where <field> = 'YY''` and abc.asp fails with an error; ② `http://xxx.xxx.xxx/abc.asp?p=YY' and '1'='1`: abc.asp runs normally and returns the same result as `http://xxx.xxx.xxx/abc.asp?p=YY`; ③ `http://xxx.xxx.xxx/abc.asp?p=YY' and '1'='2`: abc.asp fails or returns a different result. If all three conditions hold, abc.asp has a SQL injection vulnerability. Below is a function intended to prevent SQL injection (a keyword blacklist, which is easily bypassed and is not a substitute for parameterized queries):
- // Anti-injection function
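/**
 * Keyword blacklist: returns 1 when $sql_str contains a SQL-looking token,
 * 0 otherwise (preg_match() result).  The original used eregi(), which was
 * removed in PHP 7.0 and so made this a fatal error on any current PHP.
 *
 * Matched case-insensitively, anywhere in the string: select, insert (the
 * original pattern read "inert", a typo that let INSERT through), update,
 * delete, ', /*, ../, ./, union, into, load_file, outfile.  No word
 * boundaries are used, so "into" also flags "intolerant" — kept for parity
 * with the original behaviour.
 *
 * NOTE(review): a blacklist like this is not a SQL-injection defence: it is
 * trivially bypassed (comments, alternative syntax, encodings) and rejects
 * legitimate input.  Keep it only as defence-in-depth behind prepared
 * statements.
 *
 * @param string $sql_str value to scan
 * @return int 1 if a blacklisted token is present, else 0
 */
function inject_check($sql_str)
{
    $blacklist = '/select|insert|update|delete|\'|\/\*|\.\.\/|\.\/|union|into|load_file|outfile/i';
    return preg_match($blacklist, (string) $sql_str);
}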
/**
 * Recursively stripslashes() every string in $array (scalars allowed).
 *
 * Counterpart of sec(): removes one level of backslash escaping from each
 * string, descending into nested arrays; non-string scalars are returned
 * unchanged.  The argument is taken by reference and rewritten in place,
 * and the resulting value is also returned.
 *
 * @param mixed $array value or nested array; modified in place
 * @return mixed the unescaped value
 */
function stripslashes_array(&$array)
{
    if (is_string($array)) {
        $array = stripslashes($array);
        return $array;
    }
    if (!is_array($array)) {
        return $array;
    }
    foreach (array_keys($array) as $key) {
        $array[$key] = stripslashes_array($array[$key]);
    }
    return $array;
}
- ?>