如果有人试图sql注入我,我有这个代码。问题是不想写入该文件。可能是什么问题?
$queryString = strtolower($_SERVER['QUERY_STRING']);
if (strstr($queryString,"<") OR strstr($queryString,">") OR strstr($queryString,"(") OR strstr($queryString,")") OR
strstr($queryString,"..") OR
strstr($queryString,"%") OR
strstr($queryString,"*") OR
strstr($queryString,"+") OR
strstr($queryString,"!") OR
strstr($queryString,"@")) {
$loc = $_SERVER['PHP_SELF'];
$ip = $_SERVER['REMOTE_ADDR'];
$date = date ("d-m-Y @ h:i:s");
$lfh = "try.txt";
$log = fopen ( $lfh,"a+" );
fputs ($log, "Attack Date: $date | Attacker IP: $ip | QueryString: $loc?=$queryString\n");
fclose($log);
echo "What are you doing?!"; exit;
该文件位于同一文件夹中。
@Niet the Dark Absol - &gt;我用它来阻止sql注入。好吗?
$username = htmlspecialchars(mysqli_real_escape_string($con, addslashes($_POST['username'])));
$password = sha1($_POST['password']);
$query = mysqli_query($con, "SELECT * FROM users WHERE username='".addSlashes($username)."' AND password='".addSlashes($password)."'");
答案 0 :(得分:1)
您可以按照这样的脚本来保存您的txt文件。
$arquivo = "Logger.txt";
$texto = "[".$hora."][".$ip."][".$_SESSION['username']."] > ".$msg." \n";
$manipular = fopen("$arquivo", "a+b");
fwrite($manipular, $texto);
fclose($manipular);