<?php

// NOTE(review): addslashes() and strip_tags() are written here as bare calls
// with no arguments; executed as-is they throw ArgumentCountError (PHP 8), so
// this reads as a reminder of the helpers the post discusses rather than code
// to run. addslashes() is a quoting shim, not a substitute for prepared
// statements; strip_tags() concerns HTML output, not SQL.
addslashes();

strip_tags();
-
-
-
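/**
 * Light HTML normaliser for untrusted markup.
 *
 * Three preg_replace() passes, applied in order (each on the previous result):
 *  1. collapse any run of whitespace to a single space;
 *  2. match open/close <script>, <iframe>/<frame>, <style>, <html>, <body>,
 *     <title>, <link>, <meta>, <? and <% tags -- the replacement rebuilds the
 *     matched tag unchanged, so this pass is a placeholder: set the second
 *     entry of $tarr to '' to drop those tags instead;
 *  3. remove the name and "=" of an `on*=` event-handler attribute inside a
 *     tag; the attribute value stays in place, and only the first such
 *     handler per tag is affected because the match consumes the rest of
 *     the tag.
 *
 * This is not a substitute for context-aware escaping (htmlspecialchars()
 * for HTML output, parameterised queries for SQL).
 *
 * @param string $str the markup to normalise
 * @return string the normalised markup
 * @throws \RuntimeException if PCRE fails, so that the unfiltered input is
 *         never returned as if it had been processed
 */
function php_sava($str)
{
    // Single-quoted so the backslashes reach PCRE intact: in a double-quoted
    // string "\1" is the octal escape for byte 0x01, not a backreference, and
    // "\s" would not survive either.
    $farr = [
        '/\s+/',
        '/<(\/?)(script|i?frame|style|html|body|title|link|meta|\?|\%)([^>]*?)>/isU',
        '/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU',
    ];
    $tarr = [
        ' ',
        '<\1\2\3>',
        '\1\2',
    ];

    $out = preg_replace($farr, $tarr, $str);
    if ($out === null) {
        // preg_replace() reports failure as null; fail closed.
        throw new \RuntimeException('php_sava: preg_replace failed, error ' . preg_last_error());
    }

    return $out;
}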
-
-
-
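/**
 * Keyword blacklist applied to every $_GET / $_POST value.
 *
 * NOTE(review): this is not an injection defence. Matching is case-sensitive
 * and substring-based, so "SELECT" passes untouched while ordinary words are
 * mangled ("password" -> "passwd", "android" -> "roid"), and spaces, quotes
 * and "=" are removed from every request value. Use parameterised queries
 * (PDO prepare()/execute()) and escape at output; this class is kept only for
 * compatibility with code that already depends on it.
 */
class sqlin
{
    /**
     * Substrings removed from each value, in this order. Each entry is applied
     * to the output of the previous one, exactly like the original chain of
     * str_replace() calls.
     */
    private const BLACKLIST = [
        'and', 'execute', 'update', 'count', 'chr', 'mid', 'master', 'truncate',
        'char', 'declare', 'select', 'create', 'delete', 'insert',
        "'", '"', ' ', 'or', '=', '%20',
    ];

    /**
     * PHP 8 no longer treats a method named after its class as a constructor,
     * so `new sqlin()` would silently skip the filtering; delegate explicitly
     * so behaviour is the same on 7.x and 8.x.
     */
    public function __construct()
    {
        $this->sqlin();
    }

    /**
     * Remove every blacklisted substring from $str.
     *
     * @param string|array $str a request value; an array value (e.g. `a[]=1`)
     *        is filtered element-wise, as str_replace() does
     * @return string|array the value with the substrings removed
     */
    public function dowith_sql($str)
    {
        // One call with an array of needles performs the same sequential
        // replacements as the twenty chained calls it replaces.
        return str_replace(self::BLACKLIST, '', $str);
    }

    /**
     * Apply dowith_sql() in place to every $_GET and $_POST value.
     */
    public function sqlin()
    {
        foreach ($_GET as $key => $value) {
            $_GET[$key] = $this->dowith_sql($value);
        }
        foreach ($_POST as $key => $value) {
            $_POST[$key] = $this->dowith_sql($value);
        }
    }
}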
-
// Instantiating is what is meant to trigger the filtering of $_GET/$_POST --
// but only on PHP < 8: from 8.0 a method named after its class is no longer a
// constructor, so on current PHP this line does nothing unless the class
// defines __construct().
$dbsql=new sqlin();
// Closing tag in a PHP-only file: any byte after it is sent to the client
// verbatim (and breaks later header() calls), which is why it is usually omitted.
?>
使用方式:将以上代码复制新建一个sqlin.php的文件,然后包含在有GET或者POST数据接收的页面.
原理:将所有的SQL关键字替换为空,本代码在留言本中不能使用,若要在留言本中使用请替换其中的.
// The lines of dowith_sql() that the guestbook variant replaces (the first and
// last of the chain, as the text above describes):
$str = str_replace("and","",$str);

$str = str_replace("%20","",$str);
// Replacement block. NOTE(review): as rendered here every call maps a keyword
// to the identical string, i.e. a no-op; the replacement text was presumably
// something other than the keyword itself and was lost in rendering -- confirm
// against the source before using. The last line's literal is garbled the same
// way (the double-quote character lost its backslash escape). Either way this
// remains a keyword blacklist, not a substitute for parameterised queries.
$str = str_replace("and","and",$str);
$str = str_replace("execute","execute",$str);
$str = str_replace("update","update",$str);
$str = str_replace("count","count",$str);
$str = str_replace("chr","chr",$str);
$str = str_replace("mid","mid",$str);
$str = str_replace("master","master",$str);
$str = str_replace("truncate","truncate",$str);
$str = str_replace("char","char",$str);
$str = str_replace("declare","declare",$str);
$str = str_replace("select","select",$str);
$str = str_replace("create","create",$str);
$str = str_replace("delete","delete",$str);
$str = str_replace("insert","insert",$str);
$str = str_replace("'","'",$str);
$str = str_replace(""",""",$str);