php HtmlReplace输入过滤安全函数
- WBOYOriginal
- 2016-06-06 20:34:291751browse
这个替换函数,是对用户输入的一些安全过滤,防止用户提交了不安全的代码。
代码如下:
// $rptype = 0 表示仅替换 html标记
// $rptype = 1 表示替换 html标记同时去除连续空白字符
// $rptype = 2 表示替换 html标记同时去除所有空白字符
// $rptype = -1 表示仅替换 html危险的标记
function HtmlReplace($str,$rptype=0)
{
$str = stripslashes($str);
if($rptype==0)
{
$str = htmlspecialchars($str);
}
else if($rptype==1)
{
$str = htmlspecialchars($str);
$str = str_replace(" ",' ',$str);
$str = ereg_replace("[rnt ]{1,}",' ',$str);
}
else if($rptype==2)
{
$str = htmlspecialchars($str);
$str = str_replace(" ",'',$str);
$str = ereg_replace("[rnt ]",'',$str);
}
else
{
$str = ereg_replace("[rnt ]{1,}",' ',$str);
$str = eregi_replace('script','script',$str);
$str = eregi_replace("]*>",'',$str);
}
return addslashes($str);
}
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:PHP面向对象分析设计的61条军规小结Next article:在PHP中养成7个面向对象的好习惯