]*?)>/isU", "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU""/> ]*?)>/isU", "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU"">
Home > Article > Backend Development > PHP anti-XSS anti-SQL injection code
function gjj($str) { $farr = array( "/\\s+/", "/<(\\/?)(script|i?frame|style|html|body|title|link|meta|object|\\?|\\%)([^>]*?)>/isU", "/(<[^>]*)on[a-zA-Z]+\s*=([^>]*>)/isU", ); $str = preg_replace($farr,"",$str); return addslashes($str); } function hg_input_bb($array) { if (is_array($array)) { foreach($array AS $k => $v) { $array[$k] = hg_input_bb($v); } } else { $array = gjj($array); } return $array; } $_REQUEST = hg_input_bb($_REQUEST); $_GET = hg_input_bb($_GET); $_POST = hg_input_bb($_POST);