PHP 基本的な方法：SQLインジェクション対策

//SQLインジェクション検査関数
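/**
 * Legacy blacklist screen for SQL-looking input.
 *
 * Scans $sql_str case-insensitively for a fixed set of SQL keywords and
 * metacharacters. On a hit the request is redirected to the site map via the
 * project helper page_href() (not shown here; presumably it emits a Location
 * header) and terminated; otherwise the input is returned unchanged.
 *
 * NOTE(review): a keyword blacklist is not a defence against SQL injection.
 * It rejects legitimate text (a surname containing "update", a path with
 * "./") while leaving the query itself unprotected. The real mitigation is
 * parameterised queries (PDO::prepare / mysqli prepared statements); this
 * function is kept only because existing callers depend on its interface.
 *
 * Fixes vs. the original: eregi() was removed in PHP 7, so the check now uses
 * preg_match(); the pattern is built from a token list with preg_quote() so
 * the mis-encoded quote character and the unescaped "*" and "/" in the old
 * pattern no longer corrupt it.
 *
 * @param mixed $sql_str Raw input value to screen (cast to string for matching).
 * @return mixed The input, unchanged, when no blacklisted token is present.
 */
function inject_check($sql_str)
{
    $tokens = [
        'select', 'insert', 'update', 'delete', '*', '/*', "'",
        '../', './', 'union', 'into', 'load_file', 'outfile',
    ];

    // Quote every token for PCRE so literal "*" and "/" match as text.
    $quoted = [];
    foreach ($tokens as $token) {
        $quoted[] = preg_quote($token, '#');
    }
    $pattern = '#' . implode('|', $quoted) . '#i';

    if (preg_match($pattern, (string) $sql_str) === 1) {
        // The redirect host comes from the Host request header; that value is
        // only trustworthy when the web server restricts accepted host names —
        // TODO confirm the vhost configuration.
        page_href("http://" . $_SERVER['HTTP_HOST'] . "/home/sitemap.php");
        exit();
    }

    return $sql_str;
}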
//サイト攻撃を防ぐ
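/**
 * Legacy blacklist screen for HTML/script-looking input.
 *
 * Scans $sql_str case-insensitively for a fixed set of tag names and DOM
 * event-handler attribute names. On a hit the request is redirected to the
 * site map via the project helper page_href() (not shown here; presumably it
 * emits a Location header) and terminated; otherwise the input is returned
 * unchanged, matching inject_check().
 *
 * NOTE(review): a tag/attribute blacklist does not prevent cross-site
 * scripting and rejects ordinary words ("link", "title", "style", "base").
 * The mitigation is context-aware output encoding, e.g. htmlspecialchars()
 * with ENT_QUOTES for HTML. Kept only for callers that depend on it.
 *
 * Fixes vs. the original: eregi() was removed in PHP 7, so preg_match() is
 * used; the original pattern literal spanned many lines, so the embedded
 * newlines became part of the alternatives (e.g. "\nembed") and those tokens
 * could only match when preceded by a line break — building the pattern from
 * a token list removes that; and the commented-out "return $sql_str" is
 * restored so the function behaves like inject_check() instead of returning
 * null for clean input.
 *
 * @param mixed $sql_str Raw input value to screen (cast to string for matching).
 * @return mixed The input, unchanged, when no blacklisted token is present.
 */
function inject_check2($sql_str)
{
    $tokens = [
        'javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml',
        'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe',
        'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base',
        'onabort', 'onactivate', 'onafterprint', 'onafterupdate',
        'onbeforeactivate', 'onbeforecopy', 'onbeforecut',
        'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste',
        'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur',
        'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu',
        'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable',
        'ondatasetchanged', 'ondatasetcomplete', 'ondblclick',
        'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave',
        'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate',
        'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout',
        'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete',
        'onload', 'onlosecapture', 'onmousedown', 'onmouseenter',
        'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover',
        'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart',
        'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset',
        'onresize', 'onresizeend', 'onresizestart', 'onrowenter',
        'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll',
        'onselect', 'onselectionchange', 'onselectstart', 'onstart',
        'onstop', 'onsubmit', 'onunload',
    ];

    // Tokens are plain words, but quote them anyway so the list can be
    // extended safely.
    $quoted = [];
    foreach ($tokens as $token) {
        $quoted[] = preg_quote($token, '#');
    }
    $pattern = '#' . implode('|', $quoted) . '#i';

    if (preg_match($pattern, (string) $sql_str) === 1) {
        // The redirect host comes from the Host request header; that value is
        // only trustworthy when the web server restricts accepted host names —
        // TODO confirm the vhost configuration.
        page_href("http://" . $_SERVER['HTTP_HOST'] . "/startnews24/sitemap.php");
        exit();
    }

    return $sql_str;
}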

