php防止xss攻击以及sql注入
function SafeFilter (&$arr) { $ra=Array('/([x00-x08,x0b-x0c,x0e-x19])/','/select/','/from/','/update/','/delete/','/drop/','/alter/','/script/','/javascript/','/vbscript/','/expression/','/applet/' ,'/meta/','/xml/','/blink/','/link/','/style/','/embed/','/object/','/frame/','/layer/','/title/','/bgsound/' ,'/base/','/onload/','/onunload/','/onchange/','/onsubmit/','/onreset/','/onselect/','/onblur/','/onfocus/', '/onabort/','/onkeydown/','/onkeypress/','/onkeyup/','/onclick/','/ondblclick/','/onmousedown/','/onmousemove/' ,'/onmouSEOut/','/onmouSEOver/','/onmouseup/','/onunload/'); if (is_array($arr)) { foreach ($arr as $key => $value) { if (!is_array($value)) { if (!get_magic_quotes_gpc()) //不对magic_quotes_gpc转义过的字符使用addslashes(),避免双重转义。 { $value = addslashes($value); //给单引号(')、双引号(")、反斜线()与 NUL(NULL 字符) } $value = preg_replace($ra,'',$value); //删除非打印字符,粗暴式过滤xss可疑字符串 $arr[$key] = htmlentities(strip_tags($value)); //去除 HTML 和 PHP 标记并转换为 HTML 实体 }else{ SafeFilter($arr[$key]); } } }else{ if(!get_magic_quotes_gpc()) //不对magic_quotes_gpc转义过的字符使用addslashes(),避免双重转义。 { $arr = addslashes($arr); //给单引号(')、双引号(")、反斜线()与 NUL(NULL 字符) //加上反斜线转义 } $arr = preg_replace($ra,$arr); //删除非打印字符,粗暴式过滤xss可疑字符串 $arr = htmlentities(strip_tags($arr)); //去除 HTML 和 PHP 标记并转换为 HTML 实体 } } $post_info=array( 'aa'=>'121212 'bbb'=>'' ); SafeFilter($post_info); print_r($post_info); $str = 'www.90boke.com SafeFilter ($str); echo $str; (编辑:安卓应用网) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |