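<?php
/**
 * Request keyword filter.
 *
 * Scans the values of $_GET, $_POST and $_COOKIE for blocklisted substrings
 * (case-insensitive). On the first match it prints a rejection notice and
 * terminates the request. Parameter names are not inspected, only values.
 *
 * NOTE(review): a substring blocklist is defense-in-depth at best. Short
 * tokens such as 'set' and 'from' also match benign words ("offset",
 * "platform"), and the POST and cookie lists omit the punctuation tokens
 * present in the GET list. Queries still need prepared statements, and output
 * still needs context-aware encoding.
 */

// Request context shown in the rejection notice. HTTP_REFERER is optional and
// entirely client-controlled, so it may be absent and must be escaped on output.
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$inpage = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : '';
$ipaddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
$intime = date('Y-m-d H:i:s');

// Blocklisted substrings per input channel.
$sqlinarr_get = array('cast', 'set', 'exec', 'insert', 'select', 'delete', 'update', 'execute', 'from', 'declare', 'varchar', 'script', 'iframe', '\'', '"', ';', '0x', '<', '>');
$sqlinarr_post = array('cast', 'exec', 'insert', 'select', 'delete', 'update', 'execute', 'from', 'declare', 'varchar', 'script', 'iframe');
$sqlinarr_cookie = array('cast', 'set', 'exec', 'insert', 'select', 'delete', 'update', 'execute', 'from', 'declare', 'varchar', 'script', 'iframe');

// The helpers are declared conditionally so that including this file more than
// once does not trigger a "cannot redeclare" fatal error.
if (!function_exists('sqlin_find_token')) {
    /**
     * Find the first blocklisted token contained in a request value.
     *
     * Request values can be nested arrays (e.g. "a[]=x"). Passing an array
     * straight to stripos() raises a TypeError on PHP 8, so arrays are walked
     * recursively and every leaf is checked as a string.
     *
     * @param mixed $value  Request value: a string or a (nested) array.
     * @param array $tokens Blocklisted substrings, checked in list order.
     * @return array|null array(token, offending leaf text), or null if clean.
     */
    function sqlin_find_token($value, array $tokens)
    {
        if (is_array($value)) {
            foreach ($value as $item) {
                $hit = sqlin_find_token($item, $tokens);
                if ($hit !== null) {
                    return $hit;
                }
            }
            return null;
        }

        $text = (string) $value;
        foreach ($tokens as $token) {
            if (stripos($text, $token) !== false) {
                return array($token, $text);
            }
        }
        return null;
    }
}

if (!function_exists('sqlin_escape_html')) {
    /**
     * Encode a value for safe inclusion in HTML text or attribute context.
     *
     * @param mixed $text Value to encode (cast to string).
     * @return string
     */
    function sqlin_escape_html($text)
    {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}

if (!function_exists('sqlin_render_rejection')) {
    /**
     * Build the HTML rejection notice.
     *
     * The referer, script name and parameter name are client-influenced, so
     * every field is HTML-encoded; the offending value is URL-encoded as in
     * the original notice.
     *
     * @param array  $context Keys: referer, inpage, intime, ipaddr.
     * @param string $name    Name of the offending parameter.
     * @param array  $hit     array(token, offending text) from sqlin_find_token().
     * @return string
     */
    function sqlin_render_rejection(array $context, $name, array $hit)
    {
        list($token, $text) = $hit;

        $rows = array(
            '参数中含有非法字符!',
            '来源:' . sqlin_escape_html($context['referer']),
            '当前:' . sqlin_escape_html($context['inpage']),
            '时间:' . sqlin_escape_html($context['intime']),
            'IP:' . sqlin_escape_html($context['ipaddr']),
            '参数:' . sqlin_escape_html($name),
            '内容:' . urlencode($text),
            '非法字符:' . sqlin_escape_html($token),
        );

        return '<p>' . implode('<br>', $rows) . '</p>';
    }
}

if (!function_exists('sqlin_reject_on_match')) {
    /**
     * Scan one input channel and stop the request on the first blocklisted value.
     *
     * @param array $params  Superglobal to scan (passed by reference so the
     *                       offending entry can be removed before exit).
     * @param array $tokens  Blocklisted substrings for this channel.
     * @param array $context Keys: referer, inpage, intime, ipaddr.
     * @return void
     */
    function sqlin_reject_on_match(array &$params, array $tokens, array $context)
    {
        foreach ($params as $name => $value) {
            $hit = sqlin_find_token($value, $tokens);
            if ($hit === null) {
                continue;
            }

            echo sqlin_render_rejection($context, $name, $hit);
            unset($params[$name]);
            die();
        }
    }
}

$sqlin_context = array(
    'referer' => $referer,
    'inpage' => $inpage,
    'intime' => $intime,
    'ipaddr' => $ipaddr,
);

// Check data submitted via GET.
if (isset($_GET)) {
    sqlin_reject_on_match($_GET, $sqlinarr_get, $sqlin_context);
}

// Check data submitted via POST.
if (isset($_POST)) {
    sqlin_reject_on_match($_POST, $sqlinarr_post, $sqlin_context);
}

// Check data carried in cookies.
if (isset($_COOKIE)) {
    sqlin_reject_on_match($_COOKIE, $sqlinarr_cookie, $sqlin_context);
}
?>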
