php中过滤非法字符的具体实现

前端技术 2023/09/08 PHP
代码如下(说明:这类基于黑名单正则的过滤只能作为辅助的检测与记录手段,不能替代参数化查询(预处理语句)和按输出上下文进行的转义):

<?php
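/**
 * Request filter that matches GET, POST and cookie values against deny-list
 * regular expressions, logs every hit and then hands control to showmsg().
 *
 * Scope and limits, as visible in this class:
 *  - Only values of $_GET, $_POST and $_COOKIE are inspected. Parameter
 *    names, request headers and raw request bodies are not.
 *  - A keyword deny-list is a detection and logging aid. It is not a
 *    replacement for parameterized queries or context-aware output escaping,
 *    and it will also flag harmless text that happens to contain SQL words.
 */
class sqlsafe {
    /** Deny-list applied to $_GET values; unlike the other two it also matches a bare single quote. */
    private $getfilter = "'|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";

    /** Deny-list applied to $_POST values. */
    private $postfilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";

    /** Deny-list applied to $_COOKIE values (same pattern as the POST filter). */
    private $cookiefilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";

    /**
     * Constructor: runs the matching filter over every GET, POST and cookie value.
     */
    public function __construct() {
        foreach ($_GET as $key => $value) {
            $this->stopattack($key, $value, $this->getfilter);
        }
        foreach ($_POST as $key => $value) {
            $this->stopattack($key, $value, $this->postfilter);
        }
        foreach ($_COOKIE as $key => $value) {
            $this->stopattack($key, $value, $this->cookiefilter);
        }
    }

    /**
     * Checks one request parameter against a deny-list pattern; on a hit the
     * request is logged and showmsg() is called with the rejection message.
     *
     * @param string|int   $StrFiltKey   Parameter name (logged, not filtered).
     * @param string|array $StrFiltValue Parameter value; arrays are flattened first.
     * @param string       $ArrFiltReq   Pattern body, without delimiters or modifiers.
     */
    public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){
        if (is_array($StrFiltValue)) {
            // Plain implode() turns every nested array into the literal text
            // "Array", so values such as a[x][y]=... were never inspected.
            // Collect all leaves instead, joined with no separator as before.
            $leaves = array();
            array_walk_recursive($StrFiltValue, function ($leaf) use (&$leaves) {
                $leaves[] = is_scalar($leaf) ? (string) $leaf : '';
            });
            $StrFiltValue = implode($leaves);
        } else {
            $StrFiltValue = (string) $StrFiltValue;
        }

        $verdict = preg_match("/".$ArrFiltReq."/is", $StrFiltValue);
        if ($verdict === 0) {
            return;
        }

        // preg_match() returns false when the regex engine gives up (for
        // example on a resource limit). Treating that as "clean" would let the
        // value through unchecked, so an engine failure is rejected and logged
        // like a match, with the PCRE error code appended for triage.
        $note = ($verdict === false) ? " [pcre-error ".preg_last_error()."]" : "";

        // NOTE(review): the raw value is logged; POST fields can carry
        // credentials, so the log file needs the same protection as the data.
        $this->writeslog(
            $this->serverVar("REMOTE_ADDR")." ".date("Y-m-d H:i:s")." ".
            $this->serverVar("PHP_SELF")." ".$this->serverVar("REQUEST_METHOD")." ".
            $StrFiltKey." ".$StrFiltValue.$note
        );
        // showmsg() is defined elsewhere in the application; presumably it
        // renders the message and ends the request (confirm against its source).
        showmsg('您提交的参数非法,系统已记录您的本次操作!','',0,1);
    }

    /**
     * Appends one entry to the SQL-injection log under CACHE_PATH/logs.
     *
     * The entry is capped in length and has control characters and backslashes
     * escaped, so request data cannot start a forged second log line or flood
     * the file with a single oversized value.
     *
     * @param string $log Entry text, without the line terminator.
     */
    public function writeslog($log){
        // NOTE(review): if CACHE_PATH sits below the web root, confirm that the
        // logs directory is not served to clients.
        $log_dir = CACHE_PATH.'logs';
        $log_path = $log_dir.DIRECTORY_SEPARATOR.'sql_log.txt';

        $log = (string) $log;
        if (strlen($log) > 4096) {
            $log = substr($log, 0, 4096).'...[truncated]';
        }
        // Escape NUL..0x1F, DEL and the backslash itself: CR/LF become the
        // visible sequences \r and \n instead of real line breaks.
        $line = addcslashes($log, "\0..\37\177\\");

        if (!is_dir($log_dir) && !mkdir($log_dir, 0750, true) && !is_dir($log_dir)) {
            error_log('sqlsafe: cannot create log directory '.$log_dir);
            return;
        }
        // Append with an exclusive lock so concurrent requests do not
        // interleave entries; a write failure is reported instead of fatal.
        if (file_put_contents($log_path, $line."\r\n", FILE_APPEND | LOCK_EX) === false) {
            error_log('sqlsafe: cannot write to '.$log_path);
        }
    }

    /** Returns a $_SERVER entry as a string, or "-" when it is not set (e.g. under CLI). */
    private function serverVar($name){
        return isset($_SERVER[$name]) ? (string) $_SERVER[$name] : '-';
    }
}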
?>
