09月22日, 2014 2141次
通常我们针对sql注入进行过滤
post get file 这些都会在编码时候处理
后端经常忽略cookie方面处理 可以做个统一的过滤放在头部
<?php error_reporting(E_ALL ^ E_NOTICE); header('expires: '.date('d,d m y h:i:s',mktime(0,0,0,1,1,2000)).' gmt'); header('last-modified:'.gmdate('d,d m y h:i:s').' gmt'); header('cache-control: private, no-cache,must-revalidate'); header('pragma: no-cache'); foreach( $_COOKIE as $cookieitem) { check($cookieitem); } function check($cookieitem) { $cookieitem = trim($cookieitem); if (empty($cookieitem)) { echo "<script language='javascript' type='text/javascript'>alert ('表单不能为空!');</script>" ; exit(); } else { $cookieitem_sl=strtolower($cookieitem); $cookieitem_sl_hsc = htmlspecialchars($cookieitem_sl); $target_arr = array("#","$","^","%","*","/","\\","&","--","select","join","union","where","insert","delete","update","like","drop","create","modify","rename","alter","case","css",'exec', 'concat','http:','https:','ftp:','ftps:','expression','applet','meta','xml', 'blink','link', 'style', 'script','embed','object','frame','layer', 'bgsound', 'title', 'base','onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit','onunload'); $res_cookie_item= str_replace($target_arr,'',$cookieitem_sl_hsc); if($cookieitem_sl!=$res_cookie_item) { echo "<script language='javascript' type='text/javascript'>alert ('警告!非法操作!');</script>" ; exit(); } else { return $cookieitem; } } } ?>
暂无留言,赶快评论吧