防SQL注入的php类库

防SQL注入的php类库

<?php
class sqlsafe {
private \(getfilter = "'|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
private \)postfilter = “\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)”;
private \(cookiefilter = "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
public function __construct() {
foreach(\)_GET as \(key=>\)value){\(this->stopattack(\)key,\(value,\)this->getfilter);}
foreach(\(_POST as \)key=>\(value){\)this->stopattack(\(key,\)value,\(this->postfilter);}
foreach(\)_COOKIE as \(key=>\)value){\(this->stopattack(\)key,\(value,\)this->cookiefilter);}
}
public function stopattack(\(StrFiltKey, \)StrFiltValue, \(ArrFiltReq){
if(is_array(\)StrFiltValue))\(StrFiltValue = implode(\)StrFiltValue);
if (preg_match(“/”.\(ArrFiltReq."/is",\)StrFiltValue) == 1){
\(this->writeslog(\)_SERVER[“REMOTE_ADDR”].“    ”.strftime(“%Y-%m-%d %H:%M:%S”).“    ”.\(_SERVER["PHP_SELF"]."    ".\)_SERVER[“REQUEST_METHOD”].“    ”.\(StrFiltKey."    ".\)StrFiltValue);
showmsg(‘您提交的参数非法,系统已记录您的本次操作！’,‘’,0,1);
}
}
public function writeslog(\(log){
\)log_path = CACHE_PATH.‘logs’.DIRECTORY_SEPARATOR.‘sql_log.txt’;
\(ts = fopen(\)log_path,“a+”);
fputs(\(ts,\)log.“\r\n”);
fclose($ts);
}
}