Обрашение К Разработчикам
1 ответов290 просмотровСейчас просматривают: 1
· 17.08.2008, 22:23
Код
<?php
error_reporting(0);
foreach ( get_included_files() as $value )
{
if (strstr($value,'://')) die ( ' remote file inclusion ' );
}
function sql_escape($string)
{
$sqlescape = array( "\x00" => '\x00',
"\n" => '\n',
"\r" => '\r',
'\\' => '\\\\',
'\'' => '\\\'',
'%' => '\%',
'_' => '\_',
'"' => '\\"');
return trim(strtr($string,$sqlescape) , "\x00..\x1F" );
}
if (!get_magic_quotes_gpc())
{
foreach ($_POST as $value => $key)
{ $_POST[$value] = sql_escape ($key); }
foreach ($_GET as $value => $key)
{ $_GET[$value] = sql_escape ($key); }
foreach ($_COOKIE as $value => $key)
{ $_COOKIE[$value] = sql_escape ($key); }
foreach ($_SESSION as $value => $key)
{ $_SESSION[$value] = sql_escape ($key); }
}
foreach ($_REQUEST as $value => $key)
{ if (is_numeric($value)) die ( ' unset hashtable destruction ' ); }
extract($_REQUEST,EXTR_SKIP);
?>
error_reporting(0);
foreach ( get_included_files() as $value )
{
if (strstr($value,'://')) die ( ' remote file inclusion ' );
}
function sql_escape($string)
{
$sqlescape = array( "\x00" => '\x00',
"\n" => '\n',
"\r" => '\r',
'\\' => '\\\\',
'\'' => '\\\'',
'%' => '\%',
'_' => '\_',
'"' => '\\"');
return trim(strtr($string,$sqlescape) , "\x00..\x1F" );
}
if (!get_magic_quotes_gpc())
{
foreach ($_POST as $value => $key)
{ $_POST[$value] = sql_escape ($key); }
foreach ($_GET as $value => $key)
{ $_GET[$value] = sql_escape ($key); }
foreach ($_COOKIE as $value => $key)
{ $_COOKIE[$value] = sql_escape ($key); }
foreach ($_SESSION as $value => $key)
{ $_SESSION[$value] = sql_escape ($key); }
}
foreach ($_REQUEST as $value => $key)
{ if (is_numeric($value)) die ( ' unset hashtable destruction ' ); }
extract($_REQUEST,EXTR_SKIP);
?>
Разработчикам на будушее sql inject xss
0
Войдите или зарегистрируйтесь чтобы ответить
