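The following PHP code is meant to help protect PHP pages against SQL injection; readers who need it can use it as a reference.
It filters PHP's $_GET and $_POST parameters. Note that it escapes values with addslashes(), which does not replace prepared statements with bound parameters as the defence against SQL injection.
The code is as follows: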
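/**
 * Security precautions: recursively sanitise every value of a request array.
 *
 * Each non-array value is passed through filterHtml() and then escaped with
 * addslashes(); nested arrays are processed the same way.
 *
 * Security note: addslashes() is not a reliable SQL-injection defence. It is
 * unaware of the connection character set and does nothing for values used
 * unquoted (numbers, identifiers). Use prepared statements with bound
 * parameters for every query and treat this function as legacy
 * defence-in-depth only.
 *
 * @param array $array Request data, possibly containing nested arrays.
 * @return array The same structure with every leaf value filtered and escaped.
 */
function Add_S($array)
{
    // Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself
    // was removed in PHP 8.0, so it is only consulted on runtimes that can
    // still have the feature switched on.
    $alreadyEscaped = PHP_VERSION_ID < 50400 && get_magic_quotes_gpc();

    foreach ($array as $key => $value) {
        if (is_array($value)) {
            // Store the result: arrays are passed by value, so calling
            // Add_S() without assigning it left nested values unfiltered.
            $array[$key] = Add_S($value);
            continue;
        }

        // Filter markup before escaping. Escaping first puts a backslash in
        // front of every quote, and the attribute rule in filterHtml()
        // expects a bare quote directly after "=".
        $value = filterHtml($value);
        $array[$key] = $alreadyEscaped ? $value : addslashes($value);
    }

    return $array;
}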
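/**
 * Sanitise a single request value, which may be a scalar or an array.
 *
 * Arrays are delegated to Add_S(). Non-empty scalars are passed through
 * filterHtml() and then escaped with addslashes(). Empty values are returned
 * unchanged.
 *
 * Security note: this is input-side escaping. It does not replace prepared
 * statements for SQL, nor context-aware output encoding such as
 * htmlspecialchars() for HTML.
 *
 * @param mixed $var Raw value taken from $_GET or $_POST.
 * @return mixed The filtered and escaped value.
 */
function glstr($var)
{
    if (is_array($var)) {
        return Add_S($var);
    }

    if (strlen($var)) {
        // Filter markup on the raw value first; see the escaping step below.
        $var = filterHtml($var);

        // get_magic_quotes_gpc() always returned false from PHP 5.4 and was
        // removed in PHP 8.0, so it is only called on runtimes where magic
        // quotes can actually be enabled.
        $alreadyEscaped = PHP_VERSION_ID < 50400 && get_magic_quotes_gpc();
        if (!$alreadyEscaped) {
            $var = addslashes($var);
        }
    }

    return $var;
}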
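/**
 * Remove a fixed blacklist of HTML constructs from a string.
 *
 * The published listing lost its backslashes and part of its patterns during
 * extraction and does not parse as shown (unescaped quote, unescaped "/"
 * inside a "/"-delimited pattern). The patterns below are restored from what
 * remains of each one.
 *
 * The /e modifier of the original was dropped: it was removed in PHP 7.0,
 * where preg_replace() rejects it, and every replacement here is a literal
 * string, so nothing needs to be evaluated.
 *
 * Security note: this is a blacklist and cannot cover every way markup can be
 * written. Values rendered into a page still need context-aware encoding,
 * e.g. htmlspecialchars($s, ENT_QUOTES, 'UTF-8').
 *
 * @param string $html Text that may contain markup.
 * @return string The text with the listed constructs removed and runs of
 *                whitespace collapsed to one space; '' if PCRE fails.
 */
function filterHtml($html)
{
    $farr = array(
        // Reconstructed: only "]*?)>" of this pattern survives on the page;
        // presumably the DOCTYPE rule - confirm against the original source.
        '/<!DOCTYPE([^>]*?)>/is',
        // Opening and closing document-level and input tags.
        '/<(\/?)(html|body|head|link|meta|base|input)([^>]*?)>/is',
        // A listed element together with its content, up to the matching
        // closing tag (the "</" and back-reference were lost on the page).
        '/<(script|i?frame|style|title|form)(.*?)<\/\1>/is',
        // Inline on* event-handler attribute. Inside a character class \2 is
        // the byte 0x02, not a back-reference; the U modifier makes that group
        // lazy so it stops at the closing quote.
        '/(<[^>]*?\s+)on[a-z]+\s*?=("|\')([^\2]*)\2([^>]*?>)/isU',
        // Collapse runs of whitespace.
        '/\s+/',
    );
    $tarr = array(
        '',
        '',
        '',
        '\1\4', // keep the tag text before and after the removed attribute
        ' ',
    );

    $filtered = preg_replace($farr, $tarr, $html);

    // preg_replace() returns null on a PCRE error. Fail closed with an empty
    // string rather than handing back null or the unfiltered input.
    return $filtered === null ? '' : $filtered;
}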
// Overwrite every GET and POST value with its filtered form. Iterating an
// empty array is a no-op, so no size check is needed.
// Note: $_REQUEST and $_COOKIE are separate arrays and are not changed here;
// code that reads them receives the raw values.
foreach ($_GET as $key => $value) {
    $_GET[$key] = glstr($value);
}

foreach ($_POST as $key => $value) {
    $_POST[$key] = glstr($value);
}
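/**
 * Safety precautions: recursively sanitise every value of a request array.
 *
 * Each non-array value is passed through filterHtml() and then escaped with
 * addslashes(); nested arrays are processed the same way.
 *
 * Security note: addslashes() is not a reliable SQL-injection defence. It is
 * unaware of the connection character set and does nothing for values used
 * unquoted (numbers, identifiers). Use prepared statements with bound
 * parameters for every query and treat this function as legacy
 * defence-in-depth only.
 *
 * @param array $array Request data, possibly containing nested arrays.
 * @return array The same structure with every leaf value filtered and escaped.
 */
function Add_S($array)
{
    // Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself
    // was removed in PHP 8.0, so it is only consulted on runtimes that can
    // still have the feature switched on.
    $alreadyEscaped = PHP_VERSION_ID < 50400 && get_magic_quotes_gpc();

    foreach ($array as $key => $value) {
        if (is_array($value)) {
            // Store the result: arrays are passed by value, so calling
            // Add_S() without assigning it left nested values unfiltered.
            $array[$key] = Add_S($value);
            continue;
        }

        // Filter markup before escaping. Escaping first puts a backslash in
        // front of every quote, and the attribute rule in filterHtml()
        // expects a bare quote directly after "=".
        $value = filterHtml($value);
        $array[$key] = $alreadyEscaped ? $value : addslashes($value);
    }

    return $array;
}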
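/**
 * Sanitise a single request value, which may be a scalar or an array.
 *
 * Arrays are delegated to Add_S(). Non-empty scalars are passed through
 * filterHtml() and then escaped with addslashes(). Empty values are returned
 * unchanged.
 *
 * Security note: this is input-side escaping. It does not replace prepared
 * statements for SQL, nor context-aware output encoding such as
 * htmlspecialchars() for HTML.
 *
 * @param mixed $var Raw value taken from $_GET or $_POST.
 * @return mixed The filtered and escaped value.
 */
function glstr($var)
{
    if (is_array($var)) {
        return Add_S($var);
    }

    if (strlen($var)) {
        // Filter markup on the raw value first; see the escaping step below.
        $var = filterHtml($var);

        // get_magic_quotes_gpc() always returned false from PHP 5.4 and was
        // removed in PHP 8.0, so it is only called on runtimes where magic
        // quotes can actually be enabled.
        $alreadyEscaped = PHP_VERSION_ID < 50400 && get_magic_quotes_gpc();
        if (!$alreadyEscaped) {
            $var = addslashes($var);
        }
    }

    return $var;
}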
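/**
 * Remove a fixed blacklist of HTML constructs from a string.
 *
 * The published listing lost its backslashes and part of its patterns during
 * extraction and does not parse as shown (unescaped quote, unescaped "/"
 * inside a "/"-delimited pattern). The patterns below are restored from what
 * remains of each one.
 *
 * The /e modifier of the original was dropped: it was removed in PHP 7.0,
 * where preg_replace() rejects it, and every replacement here is a literal
 * string, so nothing needs to be evaluated.
 *
 * Security note: this is a blacklist and cannot cover every way markup can be
 * written. Values rendered into a page still need context-aware encoding,
 * e.g. htmlspecialchars($s, ENT_QUOTES, 'UTF-8').
 *
 * @param string $html Text that may contain markup.
 * @return string The text with the listed constructs removed and runs of
 *                whitespace collapsed to one space; '' if PCRE fails.
 */
function filterHtml($html)
{
    $farr = array(
        // Reconstructed: only "]*?)>" of this pattern survives on the page;
        // presumably the DOCTYPE rule - confirm against the original source.
        '/<!DOCTYPE([^>]*?)>/is',
        // Opening and closing document-level and input tags.
        '/<(\/?)(html|body|head|link|meta|base|input)([^>]*?)>/is',
        // A listed element together with its content, up to the matching
        // closing tag (the "</" and back-reference were lost on the page).
        '/<(script|i?frame|style|title|form)(.*?)<\/\1>/is',
        // Filter the on* events of JavaScript. Inside a character class \2 is
        // the byte 0x02, not a back-reference; the U modifier makes that group
        // lazy so it stops at the closing quote.
        '/(<[^>]*?\s+)on[a-z]+\s*?=("|\')([^\2]*)\2([^>]*?>)/isU',
        // Filter excess whitespace.
        '/\s+/',
    );
    $tarr = array(
        '',
        '',
        '',
        '\1\4', // keep the tag text before and after the removed attribute
        ' ',
    );

    $filtered = preg_replace($farr, $tarr, $html);

    // preg_replace() returns null on a PCRE error. Fail closed with an empty
    // string rather than handing back null or the unfiltered input.
    return $filtered === null ? '' : $filtered;
}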
// Overwrite every GET and POST value with its filtered form. Iterating an
// empty array is a no-op, so no size check is needed.
// Note: $_REQUEST and $_COOKIE are separate arrays and are not changed here;
// code that reads them receives the raw values.
foreach ($_GET as $key => $value) {
    $_GET[$key] = glstr($value);
}

foreach ($_POST as $key => $value) {
    $_POST[$key] = glstr($value);
}