本文整理汇总了PHP中inject_check函数的典型用法代码示例。如果您正苦于以下问题:PHP inject_check函数的具体用法?PHP inject_check怎么用?PHP inject_check使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了inject_check函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: strCheck
function strCheck($str)
{
if (inject_check($str)) {
die('非法参数');
}
//注入判断
$str = htmlspecialchars($str);
return $str;
}示例2: checkLogin
function checkLogin()
{
if (empty($_POST['username'])) {
$this->error("帐号错误");
} elseif (empty($_POST['password'])) {
$this->error("密码必须!");
} elseif (empty($_POST['verify'])) {
$this->error('验证码必须!');
}
if (md5($_POST['verify']) != $_SESSION['verify']) {
$this->error('验证码错误!');
}
//生成认证条件
$map = array();
// 支持使用绑定帐号登录
$map['username'] = inject_check($_POST['username']);
$map["status"] = array('gt', 0);
import('ORG.Util.RBAC');
$authInfo = RBAC::authenticate($map);
//使用用户名、密码和状态的方式进行认证
if (false === $authInfo) {
$this->error('帐号不存在!');
}
if (empty($authInfo)) {
$this->error('帐号不存在或已禁用!');
}
$pwdinfo = strcmp($authInfo['password'], md5('wk' . trim($_POST['password']) . 'cms'));
if ($pwdinfo != 0) {
$this->error('密码错误!');
}
$_SESSION[C('USER_AUTH_KEY')] = $authInfo['id'];
$_SESSION['username'] = $_POST['username'];
$_SESSION['cookietime'] = time();
$role = M('role_admin');
$authInfo['role_id'] = $role->where('user_id=' . $authInfo['id'])->getField('role_id');
if ($authInfo['role_id'] == '1') {
$_SESSION[C('ADMIN_AUTH_KEY')] = true;
}
//保存登录信息
$admin = M('admin');
$ip = get_client_ip();
$time = time();
$data = array();
$data['id'] = $authInfo['id'];
$data['lastlogintime'] = $time;
$data['lastloginip'] = $ip;
$admin->save($data);
// 缓存访问权限
RBAC::saveAccessList();
//保存cookie信息
import('ORG.Util.Cookie');
Cookie::set($_SESSION['cookietime'], '1', 60 * 60 * 3);
//dump($_SESSION);
$this->index();
}示例3: str_check
function str_check($str)
{
if (inject_check($str)) {
echo $str;
die('非法参数');
}
//注入判断
$str = htmlspecialchars($str);
//转换html
return $str;
}示例4: index
public function index()
{
inject_check($_GET['aid']);
$mood = M('mood');
$list = $mood->where('aid=' . intval($_GET['aid']))->find();
if ($list) {
echo "{$list['mood1']},{$list['mood2']},{$list['mood3']},{$list['mood4']},{$list['mood5']},{$list['mood6']},{$list['mood7']},{$list['mood8']}";
} else {
$data['aid'] = intval($_GET['aid']);
$mood->add($data);
echo "0,0,0,0,0,0,0,0";
}
}示例5: ajax_arclist
function ajax_arclist()
{
$prefix = !empty($_REQUEST['prefix']) ? (bool) $_REQUEST['prefix'] : true;
//表过滤防止泄露信息,只允许的表
if (!in_array($_REQUEST['model'], array('article', 'type', 'ad', 'label', 'link'))) {
exit;
}
if (!empty($_REQUEST['model'])) {
if ($prefix == true) {
$model = C('DB_PREFIX') . $_REQUEST['model'];
} else {
$model = $_REQUEST['model'];
}
} else {
$model = C('DB_PREFIX') . 'article';
}
$order = !empty($_REQUEST['order']) ? inject_check($_REQUEST['order']) : '';
$num = !empty($_REQUEST['num']) ? inject_check($_REQUEST['num']) : '';
$where = !empty($_REQUEST['where']) ? inject_check(urldecode($_REQUEST['where'])) : '';
//使where支持 条件判断,添加不等于的判断
$page = false;
if (!empty($_REQUEST['page'])) {
$page = (bool) $_REQUEST['page'];
}
$pagesize = !empty($_REQUEST['pagesize']) ? intval($_REQUEST['pagesize']) : '10';
//$query =!empty($_REQUEST['sql'])?$_REQUEST['sql']:'';//太危险不用
$field = '';
if (!empty($_REQUEST['field'])) {
$f_t = explode(',', inject_check($_REQUEST['field']));
$f_t = array_map('urlencode', $f_t);
$field = implode(',', $f_t);
}
$m = new Model($model, NULL);
//如果使用了分页,缓存也不生效
if ($page) {
import("ORG.Util.Page");
//这里改成你的Page类
$count = $m->where($where)->count();
$total_page = ceil($count / $pagesize);
$p = new Page($count, $pagesize);
//如果使用了分页,num将不起作用
$t = $m->field($field)->where($where)->limit($p->firstRow . ',' . $p->listRows)->order($order)->select();
//echo $m->getLastSql();
$ret = array('total_page' => $total_page, 'data' => $t);
}
//如果没有使用分页,并且没有 query
if (!$page) {
$ret = $m->field($field)->where($where)->order($order)->limit($num)->select();
}
$this->ajaxReturn($ret, '返回信息', 1);
}示例6: index
public function index()
{
inject_check($_GET['aid']);
inject_check($_GET['page']);
$pl = M('pl');
$config = F('basic', '', './Web/Conf/');
$data['status'] = 1;
$data['aid'] = intval($_GET['aid']);
$list = $pl->where($data)->select();
if (!$list) {
$this->display(TMPL_PATH . cookie('think_template') . '/pl_nopl.html', 'utf-8', 'text/xml');
exit;
}
$count = $pl->where($data)->count();
$this->assign('allnum', $count);
$pagenum = 6;
//每六条分页
$pages = ceil($count / $pagenum);
//总页数
$prepage = ($_GET['page'] - 1) * $pagenum;
$endpage = $_GET['page'] * $pagenum;
$tempnum = $pagenum * $_GET['page'];
$lastnum = $tempnum < $count ? $tempnum : $count;
$plist = $pl->where($data)->order('ptime asc')->limit($prepage . ',' . $endpage)->select();
foreach ($plist as $k => $v) {
if (!empty($v['recontent'])) {
$v['recontent'] = '<font color=red><b>管理员回复:' . $v['recontent'] . '</b></font>';
}
$pp[$k] = $v;
$pp[$k]['num'] = $k + 1 + (intval($_GET['page']) - 1) * $pagenum;
}
//封装变量
$this->assign('nowpage', intval($_GET['page']));
//当前页
$this->assign('pages', $pages);
//总页数
$this->assign('aid', intval($_GET['aid']));
//文章aid
$this->assign('lastnum', $lastnum);
//最后一条记录数
$this->assign('list', $pp);
//模板输出
$this->display(TMPL_PATH . cookie('think_template') . '/pl_pl.html', 'utf-8', 'text/xml');
}示例7: update
public function update()
{
if (empty($_POST)) {
alert('请选择投票项!', 1);
}
inject_check($_POST['id']);
if (Cookie::is_set('vote' . $_POST['id'])) {
alert('您已投过票了!', 1);
}
//读取数据库
$vote = M('vote');
//if(C('TOKEN_ON') && !$vote->autoCheckToken($_POST)){$this->error(L('_TOKEN_ERROR_'));}//防止乱提交表单
$vo = $vote->where('id=' . intval($_POST['id']))->field('vote,overtime,starttime,stype')->find();
$strs = explode(PHP_EOL, trim($vo['vote']));
//业务处理
if (!$vo) {
alert('投票不存在!', 3);
}
if ($vo['overtime'] != '' && cptime(date('Y-m-d H:i:s'), $vo['overtime'])) {
alert('投票已结束!', U('votes/' . $_POST['id']));
}
if (!cptime(date('Y-m-d H:i:s'), $vo['starttime'])) {
alert('投票没有开始!', U('votes/' . $_POST['id']));
}
$data['vote'] = $vo['vote'];
if ($vo['stype'] == 0) {
$_POST['vote'] = array($_POST['vote']);
}
foreach ($_POST['vote'] as $v) {
$v = str_replace(PHP_EOL, "", $v);
if (in_array($v, $strs)) {
$s = explode("=", $v);
if (count($s) == 2 && is_numeric($s[1])) {
$data['vote'] = str_replace($v, $s[0] . "=" . (intval($s[1]) + 1), $data['vote']);
}
}
}
if ($vote->where('id=' . intval($_POST['id']))->save($data)) {
Cookie::set('vote' . $_POST['id'], '1', 365 * 60 * 60 * 24);
alert('投票成功!', U('votes/' . $_POST['id']));
}
alert("操作失败!", U('votes/' . $_POST['id']));
}示例8: index
public function index()
{
if (!isset($_GET['aid'])) {
$this->error('非法操作');
}
inject_check($_GET['aid']);
inject_check($_GET['p']);
$aid = intval($_GET['aid']);
//读取数据库和缓存
ob_start();
//用于生成静态HTML
$is_build = C('IS_BUILD_HTML');
//允许参数
$allow_param = array('p', 'keyword');
$static_file = './Html/' . cookie('think_template') . '/articles/' . $aid;
$mid_str = '';
if (count($_REQUEST) > 1) {
foreach ($_REQUEST as $k => $v) {
if ($k != 'aid' && in_array($k, $allow_param)) {
$mid_str .= '/' . $k . '/' . md5($v);
}
}
}
$static_file .= $mid_str . '.html';
$path = './ArticleAction.class.php';
$php_file = basename($path);
parent::html_init($static_file, $php_file, $is_build);
//以下是动态代码
$article = M('article');
$config = F('basic', '', './Web/Conf/');
$page_model = 'page/page_default.html';
//相关判断
$alist = $article->where('aid=' . $aid)->find();
if (!$alist) {
alert('文章不存在或已删除!', __APP__);
}
if ($alist['islink'] == 1) {
Header('Location:' . $alist['linkurl']);
}
if ($alist['status'] == 0) {
alert('文章未审核!', __APP__);
}
//阅读权限
if ($config['isread'] == 1) {
$uvail = explode(',', $_SESSION['dami_uservail']);
if (!in_array($alist['typeid'], $uvail)) {
alert('对不起您没有阅读改文章的权限!', __APP__);
}
}
$this->assign('title', $alist['title']);
parent::tree_dir($alist['typeid'], 'tree_list');
$type = M('type');
$list = $type->where('typeid=' . intval($alist['typeid']))->find();
if ($list) {
$pid = get_first_father($list['typeid']);
$cur_menu = get_field('type', 'typeid=' . $pid, 'drank');
$this->assign('cur_menu', $cur_menu);
$this->assign('type', $list);
}
$a = M('type')->where('typeid=' . $alist['typeid'])->getField('page_path');
if ($a != '' && file_exists(TMPL_PATH . cookie('think_template') . '/' . $a)) {
$page_model = $a;
}
//网站头部
R('Public/head');
R('Public/py_link');
//统计处理
if ($alist['status'] == 1) {
$map['hits'] = $alist['hits'] + 1;
$article->where('aid=' . $aid)->save($map);
}
//注销map
unset($map);
$alist['hits'] += 1;
//关键字替换
$alist['content'] = $this->key($alist['content']);
//鼠标轮滚图片
if ($config['mouseimg'] == 1) {
$alist['content'] = $this->mouseimg($alist['content']);
}
//文章内分页处理
if ($alist['pagenum'] == 0) {
//手动分页
$alist['content'] = $this->diypage($alist['content']);
} else {
//自动分页
$alist['content'] = $this->autopage($alist['pagenum'], $alist['content']);
}
//文章内投票
$this->vote($alist['voteid']);
//心情投票
$url = __ROOT__;
//用于心情js的根路径变量
$this->assign('url', $url);
//文章上下篇
$map['status'] = 1;
$map['typeid'] = $alist['typeid'];
$map['aid'] = array('lt', $alist['aid']);
$up = $article->where($map)->field('aid,title')->order('addtime desc')->limit(1)->find();
//dump($article->getLastsql());
//.........这里部分代码省略.........
示例9: inject_check
<?php
require_once "../config.php";
require_once '../includes/function.php';
require_once '../includes/smarty.inc.php';
require_once '../includes/connect.php';
require_once '../includes/userShell.php';
$id = $_GET["id"];
$key_check = inject_check($id);
$result1 = mysqli_query($con, "SELECT * FROM sd_setting");
//获取数据
while ($row1 = mysqli_fetch_assoc($result1)) {
$tit = $row1['main_tit'];
$share = $row1['share'];
$theme = $row1['theme'];
$url1 = $row1['zzurl'];
$domain = $row1['kjurl'];
$tjcode = $row1['tjcode'];
}
$err[0] = false;
$err[1] = "";
if (file_exists("../content/themes/" . $theme . "/pages/config.json")) {
$configFile = fopen("../content/themes/" . $theme . "/pages/config.json", "r");
$configContent = fread($configFile, filesize("../content/themes/" . $theme . "/pages/config.json"));
fclose($configFile);
$pages = json_decode($configContent, true);
$idCheck[0] = false;
foreach ($pages as $key => $value) {
if ($value["id"] == $id) {
$idCheck[0] = false;
$idCheck[1] = $value["file"];示例10: foreach
*
*
*/
foreach ($_POST as $key => $value) {
if (!is_array($value)) {
inject_check($value);
}
}
foreach ($_GET as $key => $value) {
if (!is_array($value)) {
inject_check($value);
}
}
foreach ($_REQUEST as $key => $value) {
if (!is_array($value)) {
inject_check($value);
}
}
function inject_check($Sql_Str)
{
//自动过滤Sql的注入语句。
$check = preg_match('/select|insert|update|delete|\'|\\*|\\*|\\.\\.\\/|\\.\\/|union|into|load_file|outfile/i', $Sql_Str);
if ($check) {
$result['code'] = 0;
$result['info'] = "您提交的信息包含非法字符!";
print_r(json_encode($result));
exit;
} else {
return $Sql_Str;
}
}示例11: date_default_timezone_set
$key1 = "";
$sskey = $_GET['sskey'];
$tp = $_GET['type'];
require_once "../config.php";
//引入配置文件
require_once 'function.php';
//引入函数库
require_once 'connect.php';
require_once "qiniu/rs.php";
date_default_timezone_set("Asia/Shanghai");
//设置时区
error_reporting(0);
//设置错误级别0
$keyp = inject_check($tp);
//检查sql注入
$keyp1 = inject_check($sskey);
//检查sql注入
if ($keyp == "bad" || $keyp1 == "bad") {
exit;
}
if ($tp == "open") {
$ku = "sd_ss";
} else {
if ($tp == "lock") {
$ku = "sd_sskey";
}
}
$ju = "select * from " . $ku . " where sskey = '{$sskey}'";
$result = mysqli_query($con, $ju);
//获取数据
while ($row = mysqli_fetch_assoc($result)) {示例12: ob_start
ob_start();
header("Content-Type: text/html; charset=utf-8");
include "../include/config.php";
function inject_check($Sql_Str)
{
//自动过滤Sql的注入语句。
$check = preg_match('/select|insert|update|delete|\'|\\*|\\*|\\.\\.\\/|\\.\\/|union|into|load_file|outfile/i', $Sql_Str);
if ($check) {
echo '<script language="JavaScript">alert("系统警告:\\n\\n请不要尝试在参数中包含非法字符尝试注入!");window.location.href="/";</script>';
exit;
} else {
return $Sql_Str;
}
}
$AdminUser = inject_check($_REQUEST["AdminUser"]);
$AdminPass = md5(inject_check($_REQUEST["AdminPass"]));
$sql = "select * from admin where AdminUser='" . $AdminUser . "' and AdminPass='" . $AdminPass . "'";
$result = mysql_db_query($dbname, $sql);
//mysql_select_db($dbname);
//$result=mysql_query($sql);
$rs = mysql_fetch_array($result);
$fg = $rs["flag"];
$ip = $_SERVER["HTTP_VIA"] ? $_SERVER["HTTP_X_FORWARDED_FOR"] : $_SERVER["REMOTE_ADDR"];
$ip = $ip ? $ip : $_SERVER["REMOTE_ADDR"];
$data = date("Y-m-d H:i:s");
if ($rs != NULL) {
setcookie('ckey', "yes");
setcookie('AdminUser', $AdminUser);
setcookie('fg', $fg);
setcookie('ips', $ip);
setcookie('dt', $data);示例13:
<?php require_once 'include.php';
$sql="select * from dw_article where articleid=".inject_check($_GET['id']);
$rows=fetchOne($sql);
$web_sql="select * from dw_config";
$web_config=fetchOne($web_sql);
//print_r($web_config);
//echo $key."=>".$value; [$web_config][$webtitle];
//foreach($web_configs as $web_config):
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title><?php echo $rows['title'];?></title></title>
<link rel="stylesheet" href="http://cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css">
<script src="http://cdn.bootcss.com/jquery/1.11.3/jquery.min.js"></script>
<!-- 最新的 Bootstrap 核心 JavaScript 文件 -->
<script src="http://cdn.bootcss.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
</head>
<body>
<div class="container">
<!-- 这个是页头-->
<?php require_once "head.php";?>
<!--这个是导航-->
<nav class="navbar navbar-default" style="margin:3px 0px; padding:0px;">
<div class="container-fluid">
<!-- Brand and toggle get grouped for better mobile display -->示例14: inject_check
<?php
require_once "../config.php";
//基础配置文件
require_once '../includes/function.php';
//函数库
require_once '../includes/smarty.inc.php';
//smarty模板配置
require_once '../includes/connect.php';
require_once '../includes/userShell.php';
$key = $_GET["key"];
//GET到的KEY值
$key_check = inject_check($key);
$result = mysqli_query($con, "SELECT * FROM sd_file\nWHERE key1='{$key}'");
while ($row = mysqli_fetch_assoc($result)) {
$ming = $row['ming'];
$zhuangtai = $row['cishuo'];
$policyId = $row['policyid'];
$uploadUser = $row['upuser'];
$array = explode(".", $ming);
//分割文件名
$filetype = end($array);
//获取文件扩展名
}
$results = mysqli_query($con, "SELECT * FROM sd_policy where id = {$policyId}");
while (@($row2 = mysqli_fetch_assoc($results))) {
$serverUrl = $row2['p_url'];
$fileSize = $row2['p_size'];
$fileDir = $row2['p_dir'];
$autoName = $row2['p_autoname'];
$nameRule = $row2['p_namerule'];示例15:
<?php
header("content-type:text/html;charset=utf-8");
error_reporting(E_ALL^E_NOTICE);
echo '<link rel="stylesheet" href="http://cdn.bootcss.com/bootstrap/3.3.5/css/bootstrap.min.css">';
require_once("../include.php");
$act=$_GET['act'];
if($act=="login"){
$username=inject_check($_POST['username']);
$userpass=md5(inject_check(($_POST['userpass'])));
$sql="select * from dw_user where username='{$username}' and userpass='{$userpass}'";
$row=fetchOne($sql);
if($row){
session_start();
$_SESSION['username']=$row['username'];
echo '<div class="alert alert-success" role="alert">登录成功!<a href="index.php">进入后台</a>!</div>';
}
else
{
echo '<div class="alert alert-danger" role="alert">登录失败!<a href="login.php">重新登录</a>!</div>';
}
}
//添加分类
if($act=="addclass"){
addclass();
}
//添加文章
if($act=="addarticle"){