PHP "完美"的防XSS 防SQL注入的代码 喷
- WBOYOriginal
- 2016-06-21 08:49:371147browse
哈哈,之前发过一段了,再来一段,单位认为这个项目中这两个代码很牛,可以防止一切代码类的攻击,在此发布出来。求破解,大家加紧破,
function gjj($str)
{
$farr = array(
"/\\s+/",
"/]*?)>/isU",
"/(]*)on[a-zA-Z]+\s*=([^>]*>)/isU",
);
$str = preg_replace($farr,"",$str);
return addslashes($str);
}
function hg_input_bb($array)
{
if (is_array($array))
{
foreach($array AS $k => $v)
{
$array[$k] = hg_input_bb($v);
}
}
else
{
$array = gjj($array);
}
return $array;
}
$_REQUEST = hg_input_bb($_REQUEST);
$_GET = hg_input_bb($_GET);
$_POST = hg_input_bb($_POST);
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:关于PHP语言构造器Next article:随机变量函数的分布: PHP常用函数之is_var():检测是否合法变量名