/isu, /(]*)on[a-za-z]+s*=([^>]*>)/isu, ); $tarr = array( , , //如果要直接清除不安全的标签，这里可以留空 12, ); $str = preg_replace( $farr,$tarr,$str); return $str; } //php sql防注入代码 class sqlin { //dowith_sql($value) function dowith_sql($str) { $str = str_replace(and,,$str); $str = str_replace(execute,,$str); $str = str_replace(update,,$str); $str = str_replace(count,,$str); $str = str_replace(chr,,$str); $str = str_replace(mid,,$str); $str = str_replace(master,,$str); $str = str_replace(truncate,,$str); $str = str_replace(char,,$str); $str = str_replace(declare,,$str); $str = str_replace(select,,$str); $str = str_replace(create,,$str); $str = str_replace(delete,,$str); $str = str_replace(insert,,$str); $str = str_replace(',,$str); $str = str_replace(,,$str); $str = str_replace( ,,$str); $str = str_replace(or,,$str); $str = str_replace(=,,$str); $str = str_replace(%20,,$str); //echo $str; return $str; } //aticle()防sql注入函数//php教程 function sqlin() { foreach ($_get as $key=>$value) { $_get[$key]=$this->dowith_sql($value); } foreach ($_post as $key=>$value) { $_post[$key]=$this->dowith_sql($value); }} } $dbsql=new sqlin();
使用方式:将以上代码复制新建一个sqlin.php的文件,然后包含在有get或者post数据接收的页面.
原理:将所有的sql关键字替换为空,本代码在留言本中不能使用,若要在留言本中使用请替换其中的.
$str = str_replace(and,,$str); //到: $str = str_replace(%20,,$str);//的代码为: $str = str_replace(and,and,$str); $str = str_replace(execute,execute,$str); $str = str_replace(update,update,$str); $str = str_replace(count,count,$str); $str = str_replace(chr,chr,$str); $str = str_replace(mid,mid,$str); $str = str_replace(master,master,$str); $str = str_replace(truncate,truncate,$str); $str = str_replace(char,char,$str); $str = str_replace(declare,declare,$str); $str = str_replace(select,select,$str); $str = str_replace(create,create,$str); $str = str_replace(delete,delete,$str); $str = str_replace(insert,insert,$str); $str = str_replace(',',$str); $str = str_replace(\,",$str);
永久地址：
转载随意~请带上教程地址吧^^