12-09
12-09
12-09
12-09
12-09
12-09
12-09
12-09
12-09
12-09
12-09
12-09
ADADADADAD
建站问答 时间:2024-12-01 19:10:09
作者:文/会员上传
12-09
12-09
12-09
12-09
12-09
12-09
12-09
12-09
12-09
12-09
12-09
12-09
php预防sql注入漏洞的方法:利用magic_quotes_gpc指令或它的搭挡addslashes()函数进行过滤,例如:<?php//php防注入和XSS攻击通用过滤$_GET&&SafeFilter($_GET);$_POST&&SafeFilt
以下为本文的正文内容,内容仅供参考!本站为公益性网站,复制本文以及下载DOC文档全部免费。
php预防sql注入漏洞的方法:
利用magic_quotes_gpc指令或它的搭挡addslashes()函数进行过滤,例如:
<?php//php防注入和XSS攻击通用过滤
$_GET&&SafeFilter($_GET);
$_POST&&SafeFilter($_POST);
$_COOKIE&&SafeFilter($_COOKIE);
functionSafeFilter(&$arr)
{
$ra=Array('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/','/script/','/javascript/','/vbscript/','/expression/','/applet/'
,'/meta/','/xml/','/blink/','/link/','/style/','/embed/','/object/','/frame/','/layer/','/title/','/bgsound/'
,'/base/','/onload/','/onunload/','/onchange/','/onsubmit/','/onreset/','/onselect/','/onblur/','/onfocus/',
'/onabort/','/onkeydown/','/onkeypress/','/onkeyup/','/onclick/','/ondblclick/','/onmousedown/','/onmousemove/'
,'/onmouseout/','/onmouseover/','/onmouseup/','/onunload/');
if(is_array($arr))
{
foreach($arras$key=>$value)
{
if(!is_array($value))
{
if(!get_magic_quotes_gpc())//不对magic_quotes_gpc转义过的字符使用addslashes(),避免双重转义。
{
$value=addslashes($value);//给单引号(')、双引号(")、反斜线(\)与NUL(NULL字符)
加上反斜线转义
}
$value=preg_replace($ra,'',$value);//删除非打印字符,粗暴式过滤xss可疑字符串
$arr[$key]=htmlentities(strip_tags($value));//去除HTML和PHP标记并转换为HTML实体
}
else
{
SafeFilter($arr[$key]);
}
}
}
}
?>
11-20
11-19
11-20
11-20
11-20
11-19
11-20
11-20
11-19
11-20
11-19
11-19
11-19
11-19
11-19
11-19