ID:
3
Įdėjo:
iRecH
Pavadinimas:
PHP apsauga nuo xss ir sqli
kategorija:
php
<?php
# => BY inkulto
/////apsauga nuo SQL Injection ir nuo XSS atakų
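/**
 * Entity-encode a value for use in HTML text or quoted attribute values.
 *
 * Strings go through htmlentities() with ENT_QUOTES, so <, >, & and both
 * quote characters become entities. Arrays are encoded element by element,
 * because PHP builds nested arrays from parameters such as "a[]=1" and
 * htmlentities() itself only accepts a string. Any other scalar is cast to
 * a string first, which is what the implicit coercion did before.
 *
 * NOTE(review): this is HTML output encoding only. It does not make a value
 * safe to concatenate into an SQL statement; queries still need bound
 * parameters (prepared statements). Other output contexts (JavaScript,
 * URLs, unquoted attributes) need their own encoding.
 *
 * @param mixed $txt String, scalar, or (possibly nested) array of them.
 * @return string|array Encoded string, or an array with the same keys.
 */
function apsauga($txt)
{
    if (is_array($txt)) {
        // array_map() with a single array keeps the original keys.
        return array_map('apsauga', $txt);
    }

    return htmlentities((string) $txt, ENT_QUOTES, 'utf-8');
}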
// Entity-encode every top-level value of the request superglobals in place.
// Keys are kept as they are; only the values are passed through apsauga().
//
// NOTE(review): after this point the rest of the application sees the
// HTML-encoded form of every value, including anything it later stores or
// compares. $_REQUEST is a separate array and is not touched here, so code
// reading $_REQUEST still gets the raw input. Encoding at output time, in
// the context where the value is printed, is the usual placement.
foreach ($_GET as $apsauga_key => $apsauga_value) {
    $_GET[$apsauga_key] = apsauga($apsauga_value);
}
foreach ($_POST as $apsauga_key => $apsauga_value) {
    $_POST[$apsauga_key] = apsauga($apsauga_value);
}
foreach ($_COOKIE as $apsauga_key => $apsauga_value) {
    $_COOKIE[$apsauga_key] = apsauga($apsauga_value);
}
foreach ($_SERVER as $apsauga_key => $apsauga_value) {
    $_SERVER[$apsauga_key] = apsauga($apsauga_value);
}
// Do not leave the loop temporaries behind in the global scope.
unset($apsauga_key, $apsauga_value);
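//** GET and POST screening
//
// The original checks used eregi(), which was deprecated in PHP 5.3 and
// removed in PHP 7.0; the same expressions are written here as
// case-insensitive PCRE patterns for preg_match().
//
// NOTE(review): as this file is ordered, $_GET and $_POST have already been
// entity-encoded by the array_map() calls above before these loops run, so
// string values no longer contain <, > or ". The tag patterns and the quote
// pattern therefore cannot match at this point; only the parenthesis
// pattern (GET only) can still fire. If the screening is meant to see raw
// input it has to run before the encoding step.
//
// NOTE(review): a pattern blocklist like this is not a defence against SQL
// injection, whatever the error message says. Use bound parameters for
// every query and context-appropriate encoding at output.

/**
 * Report whether any string inside $value matches one of the PCRE patterns.
 *
 * Arrays are searched recursively; values that are neither strings nor
 * arrays never match.
 *
 * @param mixed $value    Request value to inspect.
 * @param array $patterns List of complete PCRE patterns, delimiters included.
 * @return bool True as soon as one pattern matches one string.
 */
function apsauga_matches_any($value, $patterns)
{
    if (is_array($value)) {
        foreach ($value as $item) {
            if (apsauga_matches_any($item, $patterns)) {
                return true;
            }
        }
        return false;
    }

    if (!is_string($value)) {
        return false;
    }

    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $value) === 1) {
            return true;
        }
    }

    return false;
}

// Patterns applied to both GET and POST values: selected HTML tags and a
// bare double quote.
$apsauga_post_patterns = array(
    '/<[^>]*script*"?[^>]*>/i',
    '/<[^>]*object*"?[^>]*>/i',
    '/<[^>]*iframe*"?[^>]*>/i',
    '/<[^>]*applet*"?[^>]*>/i',
    '/<[^>]*meta*"?[^>]*>/i',
    '/<[^>]*style*"?[^>]*>/i',
    '/<[^>]*form*"?[^>]*>/i',
    '/"/',
);

// GET values are additionally rejected when they contain a parenthesised group.
$apsauga_get_patterns = $apsauga_post_patterns;
$apsauga_get_patterns[] = '/\([^>]*"?[^)]*\)/i';

foreach ($_GET as $check_url) {
    if (apsauga_matches_any($check_url, $apsauga_get_patterns)) {
        die ('error ,apsauga nuo sql injection!!!');
    }
}
unset($check_url);

//** POST screening
foreach ($_POST as $check_url) {
    if (apsauga_matches_any($check_url, $apsauga_post_patterns)) {
        die ('error ,apsauga nuo sql injection!!!');
    }
}
unset($check_url);

// Do not leave the pattern lists behind in the global scope.
unset($apsauga_get_patterns, $apsauga_post_patterns);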
?>