Blind SQL Injection 대응 코드 추가

2014-03-18 15:35:21 +09:00
parent b52d3dd331
commit 4ddd09df85
2 changed files with 22 additions and 10 deletions
--- a/lib/common.lib.php
+++ b/lib/common.lib.php
@ -25,6 +25,18 @@ function array_map_deep($fn, $array)
    return $array;
 }

+// SQL Injection 대응 문자열 필터링
+function sql_escape_string($str)
+{
+    $pattern = '/(and|or).*(union|select|insert|update|delete|from|where|limit|create|drop).*/i';
+    $replace = '';
+
+    $str = preg_replace($pattern, $replace, $str);
+    $str = call_user_func(G5_ESCAPE_FUNCTION, $str);
+
+    return $str;
+}
+
 // 마이크로 타임을 얻어 계산 형식으로 만듦
 function get_microtime()
 {