<?php
/***********防止SQL注入检测程序**************/
/*@auth:lihao*/
/**********************************************/
/******环境变量设置*******/
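/* Environment setup for this request-filtering include.
 * Errors are kept off the response so a failure in the guard does not leak
 * paths or query fragments to the client; hits are written to $error_log. */
ini_set('display_errors', 'Off');
//ini_set('register_globals', 'Off');
error_reporting(0);
// Time zone used for the timestamps written into the log file.
date_default_timezone_set('Asia/Chongqing');
setlocale(LC_ALL, '');
// PHP before 4.1.0 had no superglobals; alias the old long arrays so the
// scan below can read $_GET/$_POST. version_compare() replaces the plain
// string comparison, which is not a numeric version comparison.
if (version_compare(PHP_VERSION, '4.1.0', '<')) {
    $_GET = &$HTTP_GET_VARS;
    $_POST = &$HTTP_POST_VARS;
    $_COOKIE = &$HTTP_COOKIE_VARS;
    $_SERVER = &$HTTP_SERVER_VARS;
    $_ENV = &$HTTP_ENV_VARS;
    $_FILES = &$HTTP_POST_FILES;
}
// Refuse any request carrying a GLOBALS key, so the request cannot overwrite $GLOBALS.
isset($_REQUEST['GLOBALS']) && exit('Access Error');
//define('IN_WEBROOT', 'ON'); // would let pages that require this file refuse direct access to it
// Log file for blocked requests. NOTE(review): it lives next to this script, so
// if this directory is web-served the log (which contains attacker-supplied
// input) is downloadable; point it at a directory outside the document root.
$error_log = dirname(__FILE__) . '/errors.txt';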
/**********end************/
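// Patterns tested against every GET/POST value by check_gp() (case-insensitively).
// They are regular-expression fragments, so regex metacharacters are escaped;
// in a double-quoted PHP string "\'" and "\/" keep their backslash.
$filter_arr = array("\'", "\;", "\/", "\/\*", "\*", "\.\.\/", "\.\/", "union", "select", "update", "delete", "insert", "into", "load_file", "outfile");
$error_url = ""; // URL to redirect to after a hit; empty means stay on the current page
$window_pop = 1; // 1 = show a JavaScript alert on a hit, 0 = silent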
//对GET , POST 特殊字符过滤
// 1.合并POST GET
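// 1. Merge POST and GET into one array to scan. array_merge() is a core
// function, so no fallback is needed (the previous guard passed the bare
// word array_merge, i.e. an undefined constant, and its fallback branch
// dropped the keys). On a duplicate key the GET value wins, as before.
$gp_arr = array_merge(
    isset($_POST) && is_array($_POST) ? $_POST : array(),
    isset($_GET) && is_array($_GET) ? $_GET : array()
);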
//2.检测函数
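/**
 * Test one submitted value against the blacklist and log the first hit.
 *
 * @param mixed $gp_arr_string Submitted value; array values (foo[]=x) are scanned recursively.
 * @param array $filter_arr    Regex fragments, matched case-insensitively.
 * @return bool true if any pattern matched (the hit is logged first), false otherwise.
 */
function check_gp($gp_arr_string, $filter_arr)
{
    // An array parameter (foo[]=...) previously reached eregi() as a non-string
    // and was never matched, so nested values bypassed the check entirely.
    if (is_array($gp_arr_string)) {
        foreach ($gp_arr_string as $item) {
            if (check_gp($item, $filter_arr)) {
                return true;
            }
        }
        return false;
    }
    $gp_arr_string = (string) $gp_arr_string;
    foreach ($filter_arr as $value) {
        // eregi() was removed in PHP 7; the patterns already escape '/', so it
        // serves as the PCRE delimiter and 'i' keeps the case-insensitive match.
        if (preg_match('/' . $value . '/i', $gp_arr_string)) {
            // Strip CR/LF from the logged input so a submitted value cannot forge extra log records.
            $clean = str_replace(array("\r", "\n"), ' ', $gp_arr_string);
            $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '-';
            $file = isset($_SERVER['PATH_TRANSLATED'])
                ? $_SERVER['PATH_TRANSLATED']
                : (isset($_SERVER['SCRIPT_FILENAME']) ? $_SERVER['SCRIPT_FILENAME'] : '-');
            $buffer = '用户IP:' . $remote . '->' . date('Y-m-d H-i-s') . '受到危害的字符:' . $value . '->提交的字符:' . $clean . "\r\n";
            // Normalise Windows path separators to '/' in the logged script path.
            $buffer .= '访问文件:' . str_replace('\\', '/', $file) . "\r\n";
            $buffer .= '——————————————————————————————' . "\r\n";
            error_log_function($buffer);
            return true;
        }
    }
    return false;
}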
//3.检测
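// 3. Scan every submitted value; the first hit ends the request.
foreach ($gp_arr as $key => $val) {
    if (check_gp($val, $filter_arr)) {
        /* Pop-up notice, then send the browser back. */
        if ($window_pop) {
            echo "<script language=\"javascript\">alert('You enter illegal characters');</script>";
            echo "<script language=\"javascript\">history.go(-1);</script>";
        } elseif ($error_url !== '') {
            // Silent mode: honour the configured redirect target (it was never used before).
            header('Location: ' . $error_url);
        }
        // Stop here. Without this the page that included us kept executing
        // with the offending input, so the check only logged and never blocked.
        exit;
    }
}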
//4.写入文件函数
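/**
 * Append one record to the log file named by the global $error_log.
 *
 * Logging is best-effort: an unopenable file is ignored so a logging problem
 * never affects the request, but the handle is no longer used when fopen()
 * fails (the previous version passed false on to fwrite()/fclose()).
 *
 * @param string $buffer Text to append; the caller terminates it with "\r\n".
 * @return void
 */
function error_log_function($buffer)
{
    global $error_log;
    $fp = @fopen($error_log, 'a+');
    if ($fp === false) {
        return;
    }
    // Serialise concurrent appends so records from parallel requests do not interleave.
    if (flock($fp, LOCK_EX)) {
        fwrite($fp, $buffer);
        flock($fp, LOCK_UN);
    }
    fclose($fp);
}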
/*********************************/
/**********过滤函数************/
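/**
 * Strip blacklisted characters and SQL keywords from a value, recursing into arrays.
 *
 * This is a removal blacklist and therefore a last line of defence only;
 * queries still need parameter binding, since no removal list is complete.
 *
 * @param mixed $string Scalar, or a (nested) array of scalars.
 * @return mixed Same shape as the input with the blacklist removed.
 */
function secu_filter($string)
{
    if (is_array($string)) {
        foreach ($string as $key => $val) {
            $string[$key] = secu_filter($val); // recurse into nested arrays
        }
        return $string;
    }
    // Single characters first. Once '.', ';', '/' and '*' are gone the longer
    // sequences '../', './' and '/*' cannot occur, so they need no separate pass.
    $string = str_replace(array('.', ';', '/', '*'), '', (string) $string);
    // Keywords are removed case-insensitively, to agree with the case-insensitive
    // detection in check_gp ('outfile' also matches that list; the old 'out_file'
    // did not), and repeatedly, so a nested spelling such as "selselectect" does
    // not collapse back into the keyword after one pass.
    $keywords = array('union', 'select', 'update', 'delete', 'insert', 'into', 'load_file', 'outfile');
    do {
        $before = $string;
        $string = str_ireplace($keywords, '', $string);
    } while ($string !== $before);
    return $string;
}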
?>