防范SQL注入漏洞

字体大小: 中小标准 ->行高大小: 标准中大

//*******************check.php**********************************

//防范SQL注入漏洞
function checkIlldalWord()
{
//定义不允许提交的SQL命令及关键字
$words = array();
$words[] = " add ";
$words[] = " count ";
$words[] = " create ";
$words[] = " delete ";
$words[] = " drop ";
$words[] = " from ";
$words[] = " grant ";
$words[] = " insert ";
$words[] = " select ";
$words[] = " truncate ";
$words[] = " update ";
$words[] = "use ";
$words[] = "-- ";

//判断提交的数据中是否存在以上关键字,$_REQUEST中含有所有提交数据
foreach($_REQUEST as $strGot)
{
   $strGot = strtolower($strGot);//转为小写
   foreach($words as $word)
   {
    if(strstr($strGot,$word))
    {
     echo "您输入的内容含有非法字符!";
     exit;//退出运行
    }
   }
}
}
checkIlldalWord();
?>

此文章由 http://www.ositren.com 收集整理 ,地址为: http://www.ositren.com/htmls/1169.html

相关

·PHP+mySQL环境下的sql手工注入教程	·PHP SQL 注入攻击的技术实现以及预防办法
·PHP与SQL注入攻击	·数据库安全之SQL 注入
·木马(5讲) php 一句话木马原理	·木马(4讲)零魂PHP一句话木马客户端(一键提交版)
·木马(3讲)PHP一句话木马后门隐藏技巧	·木马(2讲)浅谈MySQL导出一句话木马拿WebShell的