phpで不正な文字をフィルタリングする具体的な実装

 
  
class sqlsafe { 
  
private $getfilter = "'|(and|or)\\b.+?(>|private $postfilter = "\\b(and|or)\\b.{1,6}?(=|>|private $cookiefilter = "\\b(and|or)\\b.{1,6}?(=|>|/** 
  
*      
  
*/ 
  
public function __construct() { 
  
foreach($_GET as $key=>$value){$this->stopattack($key,$value,$this->getfilter);} 
  
foreach($_POST as $key=>$value){$this->stopattack($key,$value,$this->postfilter);} 
  
foreach($_COOKIE as $key=>$value){$this->stopattack($key,$value,$this->cookiefilter);} 
  
} 
  
/** 
  
*          
  
*/ 
  
public function stopattack($StrFiltKey, $StrFiltValue, $ArrFiltReq){ 
  
if(is_array($StrFiltValue))$StrFiltValue = implode($StrFiltValue); 
  
if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue) == 1){ 
  
$this->writeslog($_SERVER["REMOTE_ADDR"]." ".strftime("%Y-%m-%d %H:%M:%S")." ".$_SERVER["PHP_SELF"]." ".$_SERVER["REQUEST_METHOD"]." ".$StrFiltKey." ".$StrFiltValue); 
  
showmsg('        ,           ！','',0,1); 
  
} 
  
} 
  
/** 
  
* SQL     
  
*/ 
  
public function writeslog($log){ 
  
$log_path = CACHE_PATH.'logs'.DIRECTORY_SEPARATOR.'sql_log.txt'; 
  
$ts = fopen($log_path,"a+"); 
  
fputs($ts,$log."\r
"); 
  
fclose($ts); 
  
} 
  
} 
  
?>