<?php
/*************************
说明:判断传递的变量中是否含有非法字符,如$_POST、$_GET
功能:防注入
**************************/
// 要过滤的非法字符
error_reporting(0);
$ArrFiltrate= array("'",";","union","=","UNION","and","from","WHERE","where","AND","FROM","INSERT","insert",
"UPDATE","update","SELECT","select","DELETE","delete",'"',"write","<",">","\*","\/","load_file","outfile");
// 出错后要跳转的url,不填则默认前一页
$StrGoUrl ="";
// 是否存在数组中的值
function FunStringExist($StrFiltrate, $ArrFiltrate) {
foreach ($ArrFiltrate as $key => $value) {
if (eregi($value, $StrFiltrate)) {
return true;
}
}
return false;
}
// 合并$_POST 和 $_GET
if(function_exists(array_merge)) {
$ArrPostAndGet = array_merge($_POST, $_GET);
}else{
foreach($_POST as $key => $value) {
$ArrPostAndGet[]= $value;
}
foreach($_GET as $key => $value) {
$ArrPostAndGet[] = $value;
}
}
// 验证开始
foreach($ArrPostAndGet as $key=>$value) {
if(FunStringExist($value, $ArrFiltrate)) {
echo "<script language=\"javascript\">alert('发现非法字符".$value."');window.history.go(-1);</script>";
if (empty($StrGoUrl)){
//echo "<script language=\"javascript\">window.history.go(-1)</script>";
} else {
//echo "<script language=\"javascript\">window.location=\"".$StrGoUrl."\";</script>";
}
echo "error!";
exit;
}
}
?>保存为checkpostandget.php
然后在每个php文件前加include(“checkpostandget.php“);即可
扫一扫
647
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
