    $ret_string = str_replace("^", "", $ret_string);
    $ret_string = str_replace("&", "", $ret_string);
    $ret_string = str_replace("(", "", $ret_string);
    $ret_string = str_replace(")", "", $ret_string);
    $ret_string = str_replace("=", "", $ret_string);
    $ret_string = str_replace("+", "", $ret_string);
    $ret_string = str_replace("%00", "", $ret_string);
    $ret_string = str_replace(";", "", $ret_string);
    $ret_string = str_replace(":", "", $ret_string);
    $ret_string = str_replace("|", "", $ret_string);
    $ret_string = str_replace("<", "", $ret_string);
    $ret_string = str_replace(">", "", $ret_string);
    $ret_string = str_replace("~", "", $ret_string);
    $ret_string = str_replace("`", "", $ret_string);
    $ret_string = str_replace("%20and%20", "", $ret_string);
    $ret_string = stripslashes($ret_string);
    return $ret_string;
}
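/**
 * Aborts the request when any $_POST value contains a denylisted token.
 *
 * Matching is a case-insensitive substring test, so ordinary text that
 * happens to contain "where", "update", "/" or "*" is rejected as well.
 * A denylist like this does not make string-built SQL safe: parameterised
 * queries (prepared statements) remain the actual protection, and this
 * filter should be treated as defence in depth at most.
 *
 * Nested arrays in $_POST are walked recursively so strtolower() is never
 * handed an array (a TypeError on PHP 8).
 *
 * @return void Calls die() with an HTML message when a token is found.
 */
function check_sql_inject()
{
    $badchars = array("--", "truncate", "tbl_", "exec", ";", "'", "*", "/", " \\ ", "drop", "select", "update", "delete", "where", "-1", "-2", "-3", "-4", "-5", "-6", "-7", "-8", "-9");
    // Collect scalar leaves only; $_POST may contain nested arrays (name[]=...).
    $values = array();
    array_walk_recursive($_POST, function ($item) use (&$values) {
        $values[] = (string) $item;
    });
    foreach ($values as $value) {
        $lower = strtolower($value);
        foreach ($badchars as $bad) {
            // Strict comparison instead of the original "strstr(...) != FALSE",
            // which relied on loose truthiness of the returned substring.
            if (strpos($lower, $bad) !== false) {
                // PHP_SELF reflects attacker-controlled path info; escape it
                // before placing it in the href to avoid reflected XSS.
                $self = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
                $self = htmlspecialchars($self, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                die('Использованы недопустимые символы, <a href="' . $self . '">вернитесь назад</a>');
            }
        }
    }
}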
// Request-level filters, run in this order on every request: check_sql_inject()
// calls die() when a denylisted token is found in $_POST, so db_mysql_check_xss()
// (not defined in this excerpt) only runs for requests that passed the first filter.
check_sql_inject();
db_mysql_check_xss();
 /**
  * Job search page: reads filter values from $_GET, builds a WHERE clause,
  * pages the matching xm_jobs rows and renders them with the 'index' template.
  *
  * The names below are $_GET parameters, not method arguments:
  *   style   job type, matched against mold_id
  *   wage    pay, matched against money
  *   address location id, resolved to a city via the Address model
  *   isvld   organisation verification flag (xm_orgs.is_validate)
  *   peonum  number of people wanted (want_peo)
  *   wt      working hours (work_time)
  *   py      payment method (pay_way)
  *   time    time slot (begin_time)
  * wage, peonum, wt and time are passed to strongWhere() with ':' as the
  * last argument -- presumably a range separator; confirm in strongWhere().
  *
  * NOTE(review): $where and $join are assembled by string concatenation from
  * request values that were only passed through a denylist filter. The
  * framework's array/bound condition form is the safe replacement; the
  * denylist is not a substitute for it.
  */
 public function search()
 {
     // Plain query-string URL mode, so the filter links below can be edited
     // as "&key=value" pairs.
     C('URL_MODEL', 0);
     // Template data shared by the search views (defined elsewhere in the class).
     $this->showMolds();
     $this->showAddress();
     $this->showRouteNav();
     // Build, for every filter field, the current URL with that field removed,
     // so the template can link to "same search minus this filter".
     $nurl = __SELF__;
     // Current request URL.
     foreach ($this->all_fields as $key => $value) {
         $the_url = "";
         // NOTE(review): strpos() is used for truthiness, so a key found at
         // offset 0 counts as absent; $key is interpolated into the pattern
         // unquoted -- fine only while all_fields holds plain identifiers.
         if (strpos($nurl, $key)) {
             $the_url = preg_replace("/&{$key}=.*?&/", '&', $nurl);
             // Key in the middle of the URL.
             if ($nurl == $the_url) {
                 $the_url = preg_replace("/&{$key}=.*\$/", '', $nurl);
                 // Key at the end of the URL.
             }
             // Drop the page number so the link restarts at page 1.
             $the_url = preg_replace("/&p=\\d*\$/", '', $the_url);
             $the_url = preg_replace("/&p=\\d*&/", '&', $the_url);
         } else {
             $the_url = $nurl;
         }
         // Expose as now_url_<field> to the template.
         $this->assign("now_url_" . $key, $the_url);
     }
     // Copy the GET parameters into a local array.
     //$filter = "";
     $arr_get = array();
     foreach ($_GET as $key => $value) {
         // ThinkPHP places the routed path under _URL_; it is not a filter.
         if ($key == '_URL_') {
             continue;
         }
         // Denylist check on the value. NOTE(review): the check_sql_inject()
         // shown earlier on this page takes no argument and returns nothing;
         // if that is the function called here, every $arr_get value is null.
         $value = check_sql_inject($value);
         $arr_get[$key] = $value;
     }
     // Resolve the address id to its city row.
     // NOTE(review): $arr_get keys are read without isset(); missing filters
     // raise undefined-index notices. When no address is given, $city_str
     // stays '' and $city_str['city'] below is a string-offset read on an
     // empty string (a TypeError on PHP 8, a warning before).
     $city_str = '';
     if ($arr_get['address']) {
         $Address = M('Address');
         $city_str = $Address->field('city')->find($arr_get['address']);
     }
     // Query the xm_jobs table.
     $Job = M('jobs');
     // Presumably because expire_time is an unsigned column, so the
     // "time() - expire_time" subtraction below does not error -- confirm.
     $Job->query("SET sql_mode = 'NO_UNSIGNED_SUBTRACTION'");
     // Not yet expired, is_pass=0, then one fragment per filter. Each
     // strongWhere() fragment is expected to carry its own "AND" glue, which
     // the trailing "1=1" closes.
     $where = "(" . time() . "- expire_time)<0" . " AND " . "is_pass=0" . " AND " . $this->strongWhere($arr_get['style'], "mold_id", "AND") . $this->strongWhere($arr_get['wage'], "money", "AND", '', ":") . $this->strongWhere($city_str['city'], "city", "AND") . $this->strongWhere($arr_get['peonum'], "want_peo", "AND", '', ':') . $this->strongWhere($arr_get['py'], 'pay_way', 'AND') . $this->strongWhere($arr_get['wt'], "work_time", "AND", '', ":") . $this->strongWhere($arr_get['time'], "begin_time", "AND", '', ":") . "1=1";
     // Columns returned to the template.
     $field = "xm_jobs.title AS title,\n\t\t\t\t  xm_jobs.address AS address,\n\t\t\t\t  xm_jobs.jid AS jid,\n\t\t\t\t  xm_jobs.want_peo AS want_peo,\n\t\t\t\t  xm_jobs.current_peo AS current_peo,\n\t\t\t\t  xm_jobs.money,\n\t\t\t\t  money_style,\n\t\t\t\t  xm_mold.name AS moldname,\n\t\t\t\t  xm_jobs.begin_time AS begin_time,\n\t\t\t\t  xm_jobs.work_time AS wktime,\n\t\t\t\t  xm_jobs.pv AS pv,\n\t\t\t\t  addressname";
     // Publishing organisation; the isvld filter is appended to the JOIN clause.
     $join = "INNER JOIN `xm_orgs` ON xm_orgs.oid=xm_jobs.pub_oid" . $this->strongWhere($arr_get['isvld'], 'xm_orgs.is_validate', 'AND', true);
     $join_mold = "LEFT JOIN `xm_mold` ON xm_mold.mid = xm_jobs.mold_id";
     import('ORG.Util.Page');
     // Total for the pager uses $join only; the listing below also joins
     // xm_mold, so the two row counts can differ if that LEFT JOIN fans out.
     $count = $Job->where($where)->join($join)->count();
     // 15 rows per page.
     $Page = new Page($count, 15);
     $show = $Page->show();
     $this->assign("page", $show);
     $arr2 = $Job->field($field)->join($join)->join($join_mold)->limit($Page->firstRow . ',' . $Page->listRows)->where($where)->select();
     //dump($Job->getLastSql());
     // A null result is treated as "no matches"; any other falsy result
     // (e.g. false) as a query error.
     if ($arr2) {
         $this->assign("job_list", $arr2);
     } elseif (is_null($arr2)) {
         $this->assign("error_info", "没有符合要求的结果");
     } else {
         $this->assign("error_info", "检索出错");
     }
     $this->display('index');
 }