| 代碼如下 | 複製代碼 |
| <? /************************* 說明: 判斷傳遞的變數中是否含有非法字元 如$_POST、$_GET 功能: 防注入 *************************/ //要過濾的非法字元 $ArrFiltrate=array("'","or","and","union","where"); //出錯後要跳轉的url,不填則預設前一頁 $StrGoUrl=""; //是否存在數組中的值 function FunStringExist($StrFiltrate,$ArrFiltrate){ foreach ($ArrFiltrate as $key=>$value){ if (eregi($value,$StrFiltrate)){ return true; } } return false; } //合并$_POST 和 $_GET if(function_exists(array_merge)){ $ArrPostAndGet=array_merge($HTTP_POST_VARS,$HTTP_GET_VARS); }else{ foreach($HTTP_POST_VARS as $key=>$value){ $ArrPostAndGet[]=$value; } foreach($HTTP_GET_VARS as $key=>$value){ $ArrPostAndGet[]=$value; } } //驗證開始 foreach($ArrPostAndGet as $key=>$value){ if (FunStringExist($value,$ArrFiltrate)){ echo "<script language='javascript'>alert('傳遞的資訊中不得包含{',or,and,union}等非法字元請您把他們換成{‘,OR,AND,UNION}');</script>"; if (empty($StrGoUrl)){ echo "<script language='javascript'>history.go(-1);</script>"; }else{ echo "<script language='javascript'>window.location='".$StrGoUrl."';</script>"; } exit; } } /***************結束防止PHP注入*****************/ ?> |
|
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
