Home >Backend Development >PHP Tutorial >'Perfect' anti-XSS and anti-SQL injection code spray

'Perfect' anti-XSS and anti-SQL injection code spray

WBOY
WBOYOriginal
2016-07-25 08:50:511261browse
Haha, I have posted a paragraph before, here is another paragraph. The company believes that these two codes in this project are very good and can prevent all code attacks, so I will publish them here. Please break it, please hurry up and break it.
  1. function gjj($str)
  2. {
  3. $farr = array(
  4. "/\s+/",
  5. "/<(\/?)(script|i?frame|style|html|body|title |link|meta|object|\?|\%)([^>]*?)>/isU",
  6. "/(<[^>]*)on[a-zA-Z]+ s*=([^>]*>)/isU",
  7. );
  8. $str = preg_replace($farr,"",$str);
  9. return addslashes($str);
  10. }
  11. function hg_input_bb ($array)
  12. {
  13. if (is_array($array))
  14. {
  15. foreach($array AS $k => $v)
  16. {
  17. $array[$k] = hg_input_bb($v);
  18. }
  19. }
  20. else
  21. {
  22. $array = gjj($array);
  23. }
  24. return $array;
  25. }
  26. $_REQUEST = hg_input_bb($_REQUEST);
  27. $_GET = hg_input_bb($_GET);
  28. $_POST = hg_input_bb( $_POST);
Copy code


Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn