防止sql注入与跨站攻击的代码分享(初级实用型)

<?php
//防注入函数
function inject_check($sql_str){
 $check = eregi('select|insert|update|delete|*|/*|'|../|./|UNION|into|load_file|outfile',$sql_str);
 if($check){    
    page_href("http://".$_SERVER['HTTP_HOST']."/home/sitemap.php");
    exit();    
    }else{
    return $sql_str;
 }
}
//防跨站攻击
function inject_check2($sql_str){
 $check =
 eregi('javascript|vbscript|expression|applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|
frameset|ilayer|layer
|bgsound|title|base|onabort|onact
 ivate|onafterprint|onafterupdate|onbeforeactivate|onbeforecopy|onbeforecut|onbeforedeactivate|onbeforeeditfocus
|onbeforepaste|onbeforeprint|onbeforeunload|onb
 eforeupdate|onblur|onbounce|oncellchange|onchange|onclick|oncontextmenu|oncontrolselect|oncopy|oncut|
ondataavailable
|ondatasetchanged|ondatasetcomplete|ondblc
 lick|ondeactivate|ondrag|ondragend|ondragenter|ondragleave|ondragover|ondragstart|
ondrop|onerror|onerrorupdate
|onfilterchange|onfinish|onfocus|onfocusin|onfoc
 usout|onhelp|onkeydown|onkeypress|onkeyup|onlayoutcomplete|onload|onlosecapture
|onmousedown|onmouseenter|
onmouseleave|onmousemove|onmouseout|onmouseover|onmou
 seup|onmousewheel|onmove|onmoveend|onmovestart|onpaste|onpropertychange|onreadystatechange|onreset|
onresize|onresizeend|onresizestart|onrowenter|onrowexit|onr
 owsdelete|onrowsinserted|onscroll|onselect|onselectionchange|onselectstart|onstart|onstop|
onsubmit|onunload',$sql_str);
 if($check){    
    page_href("http://".$_SERVER['HTTP_HOST']."/home/sitemap.php");
    exit();    
    }else{
    //return $sql_str;
 }
} //by www.jb200.com
?>