$fiter = array("'|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)","\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)");
$query = array($_REQUEST,$_REQUEST);foreach ($fiter as $key => $value) {foreach ($query as $_k => $_v) {foreach ($_v as $__k => $__v) {
if (preg_match('/'.$value.'/is', $__v)){header('Location: /');}}}}
转载于:https://www.cnblogs.com/Jerry-blog/p/4974578.html
相关资源:防止sql注入的url过滤器【java filter】