<?php
class sqlsafe {
private $getfilter = "'|(and|or)\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
private $postfilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
private $cookiefilter = "\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
public function __construct() {
foreach($_GET as $key=>$value){$this->stopattack($key,$value,$this->getfilter);}
foreach($_POST as $key=>$value){$this->stopattack($key,$value,$this->postfilter);}
foreach($_COOKIE as $key=>$value){$this->stopattack($key,$value,$this->cookiefilter);}
}
public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){
if(is_array($StrFiltValue))$StrFiltValue = implode($StrFiltValue);
if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue) == 1){
$this->writeslog($_SERVER["REMOTE_ADDR"]." ".strftime("%Y-%m-%d %H:%M:%S")." ".$_SERVER["PHP_SELF"]." ".$_SERVER["REQUEST_METHOD"]." ".$StrFiltKey." ".$StrFiltValue);
showmsg('您提交的參數(shù)非法,系統(tǒng)已記錄您的本次操作!','',0,1);
}
}
public function writeslog($log){
$log_path = CACHE_PATH.'logs'.DIRECTORY_SEPARATOR.'sql_log.txt';
$ts = fopen($log_path,"a+");
fputs($ts,$log."\r\n");
fclose($ts);
}
}This class library first constructs the function parameters, then checks and writes the log, and finally checks the SQL injection log. It is a very useful PHP class library to prevent SQL injection
All resources on this site are contributed by netizens or reprinted by major download sites. Please check the integrity of the software yourself! All resources on this site are for learning reference only. Please do not use them for commercial purposes. Otherwise, you will be responsible for all consequences! If there is any infringement, please contact us to delete it. Contact information: admin@php.cn
Related Article
How to avoid SQL injection in PHP?
20 May 2025
Avoiding SQL injection in PHP can be done by: 1. Use parameterized queries (PreparedStatements), as shown in the PDO example. 2. Use ORM libraries, such as Doctrine or Eloquent, to automatically handle SQL injection. 3. Verify and filter user input to prevent other attack types.
How to prevent SQL injection in Java?
14 Jul 2025
The core methods to prevent SQL injection include: 1. Use PreparedStatement to avoid SQL splicing and automatically escape input through parameterized queries; 2. Checksum filtering of user input, limiting illegal characters and input lengths; 3. Use ORM frameworks such as Hibernate and MyBatis to automatically handle parameter binding; 4. Follow the principle of minimum permissions and limit database account permissions; 5. Desensitize error information to avoid exposing system structure; 6. Regular update of dependency libraries to fix vulnerabilities; designing from the source to eliminate splicing SQL can effectively defend against the risk of injection.
php function to prevent sql injection
22 Jul 2025
The core method to prevent SQL injection is to use preprocessing statements and parameterized queries. 1. Use PDO preprocessing statements to bind user input through question marks or named parameters to ensure that the input is not executed as SQL code; 2. Use mysqli's preprocessing and bind_param method to clearly specify the parameter type to prevent malicious input from tampering with the SQL structure; 3. Avoid manually escape input, such as mysqli_real_escape_string, because it is prone to errors and insufficient security; 4. Use PHP built-in filter functions to verify input, such as filter_input and intval, to ensure the legality of the input data. These methods can effectively improve the security of PHP applications and prevent SQL
How Does Go's `database/sql` Library Prevent SQL Injection Attacks?
20 Dec 2024
Preventing SQL Injection Attacks in Go with the "database/sql" LibraryIn web development, SQL injection attacks pose a significant security...
How Does Go's 'database/sql' Library Prevent SQL Injection Attacks?
25 Dec 2024
Preventing SQL Injection Attacks with "database/sql" in GoWhen building web applications, securing input is crucial to prevent malicious attacks....
How to prevent SQL injection in PHP
12 Jul 2025
Key methods to prevent SQL injection in PHP include: 1. Use preprocessing statements (such as PDO or MySQLi) to separate SQL code and data; 2. Turn off simulated preprocessing mode to ensure true preprocessing; 3. Filter and verify user input, such as using is_numeric() and filter_var(); 4. Avoid directly splicing SQL strings and use parameter binding instead; 5. Turn off error display in the production environment and record error logs. These measures comprehensively prevent the risk of SQL injection from mechanisms and details.
Hot Tools
PHP library for dependency injection containers
PHP library for dependency injection containers
A collection of 50 excellent classic PHP algorithms
Classic PHP algorithm, learn excellent ideas and expand your thinking
Small PHP library for optimizing images
Small PHP library for optimizing images