標籤:類型 this 過濾 char 文法 php sel div 支援
簡單封裝PHP操作MySQL的類
<?php/* 類的名稱:Model 類的作用:串連資料庫執行sql語句 作 者:lim 更新時間:20170812*/ class Model{ //存放串連資料庫的資源 private $link; //構造串連資料庫 public function __construct(){ $link = mysqli_connect(HOST,USER,PWD,DBNAME) or die(‘資料庫連接失敗‘); $this->link = $link; mysqli_set_charset($this->link,‘utf8‘); } /* 函數名稱:query() 函數作用:處理查詢 參 數:$sql: 提交的sql語句 返 回 值:返回一個二維數組 */ public function query($sql){ //過濾sql $sql=$this->CheckSql($sql); $res = mysqli_query($this->link,$sql); $list = array(); if($res){ while($row=mysqli_fetch_assoc($res)){ $list[] = $row; } return $list; } return "sql語句出錯=> {$sql} "; } /* 函數名稱:execute() 函數作用:處理增刪改 參 數:$sql: 提交的sql語句 返 回 值:如果是添加返回id 如果是刪除和修改返回影響行數 */ public function execute($sql){ //過濾sql $sql=$this->CheckSql($sql,"addupddel"); $res = mysqli_query($this->link,$sql); if($res){ return (mysqli_insert_id($this->link))?mysqli_insert_id($this->link):mysqli_affected_rows($this->link); } return "sql語句出錯=> {$sql} "; } /* 函數名稱:CheckSql() 函數作用:SQL語句過濾程式,由80sec提供,這裡作了適當的修改 參 數:$sql: 處理的sql語句 參 數:$querytype: 類型 返 回 值:返回處理後的sql語句 */ private function CheckSql($sql, $querytype=‘select‘) { $clean = ‘‘; $error = ‘‘; $pos = -1; $old_pos = 0; //如果是普通查詢語句,直接過濾一些特殊文法 if($querytype == ‘select‘) { if(preg_match(‘/[^[email protected]\._-]{1,}(union|sleep|benchmark|load_file|outfile)[^[email protected]\.-]{1,}/‘, $sql)) { die(‘sql非法!‘); } } //完整的SQL檢查 while(true) { $pos = strpos($sql, ‘\‘‘, $pos + 1); if($pos === false) { break; } $clean .= substr($sql, $old_pos, $pos - $old_pos); while(true) { $pos1 = strpos($sql, ‘\‘‘, $pos + 1); $pos2 = strpos($sql, ‘\\‘, $pos + 1); if($pos1 === false) { break; } else if($pos2 == false || $pos2 > $pos1) { $pos = $pos1; break; } $pos = $pos2 + 1; } $clean .= ‘$s$‘; $old_pos = $pos + 1; } $clean .= substr($sql, $old_pos); $clean = trim(strtolower(preg_replace(array(‘~\s+~s‘ ), array(‘ ‘), $clean))); //老版本的Mysql並不支援union,常用的程式裡也不使用union,但是一些駭客使用它,所以檢查它 if(strpos($clean, ‘union‘) !== false && preg_match(‘~(^|[^a-z])union($|[^[a-z])~s‘, $clean) != 0) { $fail = true; $error = ‘union detect‘; } //發布版本的程式可能比較少包括--,#這樣的注釋,但是駭客經常使用它們 else if(strpos($clean, ‘/*‘) > 2 || strpos($clean, ‘--‘) !== false || strpos($clean, ‘#‘) !== false) { $fail = true; $error = ‘comment detect‘; } //這些函數不會被使用,但是駭客會用它來操作檔案,down掉資料庫 else if(strpos($clean, ‘sleep‘) !== false && preg_match(‘~(^|[^a-z])sleep($|[^[a-z])~s‘, $clean) != 0) { $fail = true; $error = ‘slown down detect‘; } else if(strpos($clean, ‘benchmark‘) !== false && preg_match(‘~(^|[^a-z])benchmark($|[^[a-z])~s‘, $clean) != 0) { $fail = true; $error = ‘slown down detect‘; } else if(strpos($clean, ‘load_file‘) !== false && preg_match(‘~(^|[^a-z])load_file($|[^[a-z])~s‘, $clean) != 0) { $fail = true; $error = ‘file fun detect‘; } else if(strpos($clean, ‘into outfile‘) !== false && preg_match(‘~(^|[^a-z])into\s+outfile($|[^[a-z])~s‘, $clean) != 0) { $fail = true; $error = ‘file fun detect‘; } //老版本的MYSQL不支援子查詢,我們的程式裡可能也用得少,但是駭客可以使用它來查詢資料庫敏感資訊 else if(preg_match(‘~\([^)]*?select~s‘, $clean) != 0) { $fail = true; $error = ‘sub select detect‘; } if(!empty($fail)) { die(‘sql非法!!‘); } else { return $sql; } } }
PHP資料庫類
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
