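include("config.php");

// Act only when the "id" query parameter is present, non-empty and a plain
// scalar. An array-shaped parameter cannot be screened or printed as text,
// and isset-style access avoids an undefined-index notice when "id" is absent.
if (!empty($_GET["id"]) && is_scalar($_GET["id"])) {
    // inject_check() prints an error and terminates the request when its
    // blacklist matches; otherwise it hands the value back unchanged.
    // NOTE(review): passing this check does not make the value safe to
    // concatenate into SQL -- bind it as a query parameter wherever it is used.
    $_GET["id"] = inject_check($_GET["id"]);

    // The original echoed $id, which is never assigned in this snippet (unless
    // config.php defines it -- confirm). Echo the checked value instead, and
    // HTML-escape it: the blacklist lets characters such as < > " through, so
    // printing it raw would reflect request data into the page as markup.
    echo htmlspecialchars((string) $_GET["id"], ENT_QUOTES, 'UTF-8');
}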
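/**
 * Screen a request value against a blacklist of SQL keywords, quote/comment
 * characters and path-traversal sequences.
 *
 * On a match the function prints an error message and terminates the script;
 * otherwise the value is returned unchanged.
 *
 * Security note: this is a coarse screen, not a defence against SQL injection.
 * A keyword blacklist both rejects legitimate input (any text containing an
 * apostrophe, "*", or a word such as "update") and cannot anticipate every
 * spelling a database will accept. Values that reach a query should be bound
 * as parameters (prepared statements); keep a filter like this, if at all,
 * only as an additional layer.
 *
 * @param mixed $sql_str Value taken from the request.
 * @return mixed The same value when nothing on the blacklist matched.
 */
function inject_check($sql_str)
{
    // eregi() was removed in PHP 7; preg_match() with the "i" flag is the
    // case-insensitive replacement. The original literal was also broken
    // across two lines, which put a newline inside the "load_file"
    // alternative so that keyword only matched when followed by a line break.
    $blacklist = '~select|insert|update|delete|\'|/\*|\*|\.\./|\./|union|into|load_file|outfile~i';

    // Arrays/objects (e.g. ?id[]=x) cannot be matched as text, so they are
    // rejected outright instead of being waved through unscreened.
    $unscreenable = $sql_str !== null && !is_scalar($sql_str);

    if ($unscreenable || preg_match($blacklist, (string) $sql_str) === 1) {
        echo "非法字符!";
        exit();
    }

    return $sql_str;
}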
?>
用php删除一个空目录相当简单了,用rmdir() 函数即可搞定。
但是要删除一个非空目录,则无法进行快速的删除,必须先将目录中文件删除,但是目录里可能还会有子目录,因此我们需要进行递归删除。
下面是一个递归删除目录的例子。
文件名:del_files.php
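/**
 * Recursively delete a directory together with everything inside it.
 *
 * Progress is echoed as HTML, one line per file and per directory. The script
 * is terminated with die() when a directory cannot be opened.
 *
 * Security notes:
 *  - Symbolic links are removed as links and never followed. Without the
 *    is_link() test, a link inside the tree that points at another directory
 *    would cause the contents of that other directory to be deleted as well.
 *  - $dir must come from trusted code or be validated against a fixed base
 *    directory by the caller; this function deletes whatever it is given.
 *  - Paths are HTML-escaped before being echoed, because file names are not
 *    under the script's control.
 *
 * @param string $dir Path of the directory to remove.
 * @return void
 */
function deletedir($dir)
{
    // The original wrote "handle" without the "$" sigil, which is a parse error.
    $handle = @opendir($dir);
    if (!$handle) { // the directory is missing or cannot be read
        die("没有该目录");
    }

    while (false !== ($file = readdir($handle))) {
        // Skip the current-directory and parent-directory entries.
        if ($file === "." || $file === "..") {
            continue;
        }

        $file = $dir . DIRECTORY_SEPARATOR . $file;

        // Descend only into real directories, never through symlinks.
        if (is_dir($file) && !is_link($file)) {
            deletedir($file);
            continue;
        }

        $shown = htmlspecialchars($file, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        if (@unlink($file)) {
            echo "文件<b>$shown</b>删除成功。<br>";
        } else {
            echo "文件<b>$shown</b>删除失败!<br>";
        }
    }

    // Release the handle before removing the directory itself; the original
    // never closed it and was also missing the brace that ends the loop.
    closedir($handle);

    $shown = htmlspecialchars($dir, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    if (@rmdir($dir)) {
        echo "目录<b>$shown</b>删除成功了。<br>\n";
    } else {
        echo "目录<b>$shown</b>删除失败!<br>\n";
    }
}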
// Demo run: recursively remove the sample directory tree.
$dir = "/var/www/test";
deletedir( $dir );
?>
在 /var/www/test 文件夹下创建一些文件夹和文件。
shell> touch aaa
shell> touch bbb
shell> touch ccc
shell> touch eee
shell> touch ffff
shell> mkdir 111
shell> mkdir 222
shell> mkdir 333
分别再在111,222,333 文件夹下创建一些文件,然后给予权限。
shell>chown www.www test -R
然后运行del_files.php,检测递归删除目录的效果。
大家平常见的最多的是php连接mysql的类,今天给大家分享一个php连接sql server的类。
感兴趣的朋友可以参考下。
<?php
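/**
 * Small wrapper around the legacy mssql_* functions for SQL Server.
 *
 * Notes for maintainers:
 *  - The mssql extension was removed in PHP 7.0, so this class only works on
 *    older runtimes. connect() reports a failure instead of crashing when the
 *    extension is absent.
 *  - execQuery() sends the SQL text exactly as given and the class offers no
 *    parameter binding. Never build $sql by concatenating request data;
 *    prefer a driver with bound parameters (for example PDO).
 *  - In "report" and "halt" mode error messages are printed to the output and
 *    include the SQL text, server and user name. On a public-facing site these
 *    belong in a log, not in the page.
 */
class DB_Handle
{
    public $ClassName = "DB_Handle";
    public $Server;
    public $UserName;
    public $Password;
    public $Database;
    public $LinkID = 0;
    public $QueryResult = "";
    public $LastInsertID = "";
    /* ignore => swallow the error and continue, halt => report the error and stop, report => report the error and continue */
    public $Halt_On_Error = "report";
    public $Error = "";
    public $ErrNo = 0;

    /**
     * Store the connection settings; no connection is opened here.
     *
     * The original relied on a PHP 4 style constructor (a method named after
     * the class), which PHP 8 no longer treats as a constructor, leaving all
     * settings unset.
     */
    public function __construct($server = "", $username = "", $password = "", $database = "")
    {
        $this->Server = $server;
        $this->UserName = $username;
        $this->Password = $password;
        $this->Database = $database;
    }

    /**
     * Legacy entry point kept so that code calling DB_Handle() directly still works.
     */
    public function DB_Handle($server = "", $username = "", $password = "", $database = "")
    {
        $this->__construct($server, $username, $password, $database);
    }

    /**
     * Open a persistent connection and select the configured database.
     *
     * @return int 1 on success, 0 on failure.
     */
    public function connect()
    {
        if (!function_exists('mssql_pconnect')) {
            $this->halt("mssql_pconnect($this->Server,$this->UserName): Failed (mssql extension is not loaded)");
            return 0;
        }
        $this->LinkID = @mssql_pconnect($this->Server, $this->UserName, $this->Password);
        if (!$this->LinkID) {
            // The password is deliberately left out of the message: halt()
            // prints it to the output, and the original leaked the credential.
            $this->halt("mssql_pconnect($this->Server,$this->UserName): Failed");
            return 0;
        }
        // Name the link explicitly instead of relying on "the last opened one".
        if (!@mssql_select_db($this->Database, $this->LinkID)) {
            $this->halt("mssql_select_db($this->Database) Failed.");
            return 0;
        }
        return 1;
    }

    /**
     * Try to select the configured database on the most recent connection.
     *
     * @return int 1 when the database could be selected, 0 otherwise.
     */
    public function selectDatabase()
    {
        return @mssql_select_db($this->Database) ? 1 : 0;
    }

    /**
     * Execute one SQL statement.
     *
     * The text is sent verbatim, so it must not contain unvalidated request
     * data (see the class comment).
     *
     * @param string $sql Statement to run.
     * @return mixed The mssql_query() result on success, 0 on failure.
     */
    public function execQuery($sql = "")
    {
        $this->connect();
        if ($this->LinkID == 0) {
            $this->halt("Execute SQL Failed: Have not valid database connect.");
            return 0;
        }
        // Capture any warning text the driver prints while the query runs.
        ob_start();
        $this->QueryResult = mssql_query($sql, $this->LinkID);
        $error = ob_get_contents();
        ob_end_clean();
        // The original trusted only the captured output, which stays empty when
        // display_errors is off; a false return value is also a failure.
        if ($error || $this->QueryResult === false) {
            $this->halt("Execute SQL: mssql_query($sql,$this->LinkID) failed.");
            return 0;
        }
        // Remember the identity value after an INSERT. The match is now
        // case-insensitive and tolerant of extra whitespace; the original
        // missed "INSERT INTO".
        if (preg_match('#insert\s+into#i', $sql)) {
            $res = mssql_query("select @@IDENTITY as id", $this->LinkID);
            if ($res) {
                // The column name must be quoted; the bare word id is an
                // undefined constant.
                $this->LastInsertID = mssql_result($res, 0, 'id');
            }
        }
        return $this->QueryResult;
    }

    /**
     * Number of rows in a result.
     *
     * @param mixed $result Result to inspect; defaults to the last query result.
     * @return int Row count, or 0 on failure.
     */
    public function getTotalRowNum($result = "")
    {
        if ($result != "") {
            $this->QueryResult = $result;
        }
        $row = @mssql_num_rows($this->QueryResult);
        // false >= 0 is true in PHP, so the original never reached the error
        // branch; test for false explicitly.
        if ($row !== false && $row >= 0) {
            return $row;
        }
        $this->halt("Get a row of result Failed: Result $result is invalid.");
        return 0;
    }

    /**
     * Identity value recorded by the last INSERT run through execQuery().
     *
     * @return mixed The stored id ("" when none has been recorded).
     */
    public function lastInsertID()
    {
        return $this->LastInsertID;
    }

    /**
     * Read a single field from a result.
     *
     * NOTE(review): an empty or zero field value is indistinguishable from a
     * failure here, because of the loose comparison with "" -- confirm whether
     * callers depend on that before tightening it.
     *
     * @param mixed $result Result to read; defaults to the last query result.
     * @param int   $row    Row offset.
     * @param mixed $field  Field offset or name.
     * @return mixed The field value, or 0 on failure.
     */
    public function getField($result = "", $row = 0, $field = 0)
    {
        if ($result != "") {
            $this->QueryResult = $result;
        }
        $fieldvalue = @mssql_result($this->QueryResult, $row, $field);
        if ($fieldvalue != "") {
            return $fieldvalue;
        }
        $this->halt("Get field: mssql_result($this->QueryResult,$row,$field) failed.");
        return 0;
    }

    /**
     * Fetch the next row of a result.
     *
     * @param mixed $result Result to read; defaults to the last query result.
     * @return mixed Array with the row's values, or 0 when there is no row.
     */
    public function nextRecord($result = "")
    {
        if ($result != "") {
            $this->QueryResult = $result;
        }
        $record = @mssql_fetch_array($this->QueryResult);
        // Running out of rows is the normal end of a loop, so it is not reported.
        return is_array($record) ? $record : 0;
    }

    /**
     * Free a result.
     *
     * @param mixed $result Result to free; defaults to the last query result.
     * @return mixed Whatever mssql_free_result() returns.
     */
    public function freeResult($result = "")
    {
        if ($result != "") {
            $this->QueryResult = $result;
        }
        return @mssql_free_result($this->QueryResult);
    }

    /**
     * Choose how errors are handled: "ignore", "report" or "halt".
     *
     * @param string $state New mode.
     * @return int 1 when the mode was accepted, 0 for an unknown mode.
     */
    public function setHaltOnError($state = "ignore")
    {
        if (!($state == "ignore" || $state == "report" || $state == "halt")) {
            $this->halt("Set the Halt_On_Error Fail: There is no state value $state");
            return 0;
        }
        $this->Halt_On_Error = $state;
        return 1;
    }

    /**
     * Current error-handling mode.
     */
    public function getHaltOnError()
    {
        return $this->Halt_On_Error;
    }

    /**
     * Name of this class as stored in $ClassName.
     */
    public function toString()
    {
        return $this->ClassName;
    }

    /**
     * Internal error handler: records the driver message, then ignores,
     * reports, or reports and terminates according to $Halt_On_Error.
     *
     * @param string $msg Description of the failed operation.
     */
    public function halt($msg)
    {
        // The original called mysql_error()/mysql_errno() on an MSSQL link.
        // The mssql extension exposes the last server message and no error
        // number, so ErrNo is reset to 0.
        $this->Error = function_exists('mssql_get_last_message') ? @mssql_get_last_message() : "";
        $this->ErrNo = 0;
        if ($this->Halt_On_Error == "ignore") {
            return;
        }
        $this->makeMsg($msg);
        if ($this->Halt_On_Error == "halt") {
            die("Session halted");
        }
    }

    /**
     * Internal helper: print the error description and the driver message.
     *
     * @param string $msg Description of the failed operation.
     */
    public function makeMsg($msg)
    {
        printf("Database error: %s\n", $msg);
        // Label corrected from "MySQL": this class talks to SQL Server.
        printf("MSSQL Error: %s (%s)\n", $this->ErrNo, $this->Error);
    }
}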