复制代码 代码如下:

<?php

class sqlsafe {

private $getfilter = "'|(and|or)b.+?(>|<|=|in|like)|/*.+?*/|<s*scriptb|bEXECb|UNION.+?SELECT|UPDATE.+?SET|INSERTs+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)s+(TABLE|DATABASE)";

private $postfilter = "b(and|or)b.{1,6}?(=|>|<|binb|blikeb)|/*.+?*/|<s*scriptb|bEXECb|UNION.+?SELECT|UPDATE.+?SET|INSERTs+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)s+(TABLE|DATABASE)";

private $cookiefilter = "b(and|or)b.{1,6}?(=|>|<|binb|blikeb)|/*.+?*/|<s*scriptb|bEXECb|UNION.+?SELECT|UPDATE.+?SET|INSERTs+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)s+(TABLE|DATABASE)";

/**

* 构造函数

*/

public function __construct() {

foreach($_GET as $key=>$value){$this->stopattack($key,$value,$this->getfilter);}

foreach($_POST as $key=>$value){$this->stopattack($key,$value,$this->postfilter);}

foreach($_COOKIE as $key=>$value){$this->stopattack($key,$value,$this->cookiefilter);}

}

/**

* 参数检查并写日志

*/

public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){

if(is_array($StrFiltValue))$StrFiltValue = implode($StrFiltValue);

if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue) == 1){

$this->writeslog($_SERVER["REMOTE_ADDR"]." ".strftime("%Y-%m-%d %H:%M:%S")." ".$_SERVER["PHP_SELF"]." ".$_SERVER["REQUEST_METHOD"]." ".$StrFiltKey." ".$StrFiltValue);

showmsg('您提交的参数非法,系统已记录您的本次操作！','',0,1);

}

}

/**

* SQL注入日志

*/

public function writeslog($log){

$log_path = CACHE_PATH.'logs'.DIRECTORY_SEPARATOR.'sql_log.txt';

$ts = fopen($log_path,"a+");

fputs($ts,$log."rn");

fclose($ts);

}

}

?>